Hi Jeff,
I will implement storing the connection in
the session with the log
out killing the connection.
what happens if the user never logs out? then your Tomcat might end up with
quite a few open connections that it cannot close and the only way to close
such connections would be to
over - they have won.
Your security team knows the threat model for you situation far better
than I do but it sounds to me like they are trying too hard in one area
and have missed a bunch of other threats.
Mark
Akoulov, Alexandre [IT] wrote:
Hi all
I have a problem that's been raised
to a machine it is
game over - they have won.
Your security team knows the threat model for you situation far better
than I do but it sounds to me like they are trying too hard in one area
and have missed a bunch of other threats.
Mark
Akoulov, Alexandre [IT] wrote:
Hi all
I have a problem
Hi all
I have a problem that's been raised by my security team to do with using
Tomcat JDBCRealms. We're using such realms to protect restricted resources. We
also have a custom login form. The steps Tomcat seems to follow when using such
a setup is:
1. Check to see if the user is
If your non-web application is to be only accessed by web apps why would not
you run it in the tomcat's JVM (just place non-web application in the
${catalina.base}/shared/classes or as a jar file into
${catalina.base}/shared/classes). In this scenario you eliminate the need for
maintaining the
Hi Mino,
that is what we do:
a) generate java files with JspC compiler
b) compile java files with javac compiler
c) copy class files to the required location (ie class directory under WEB-INF )
Hope it helps,
Sasha.
-Original Message-
From: Giacomino Raccuia [mailto:[EMAIL PROTECTED]
it wrong. That's possible as to be honest I've never
tried what you're trying for real, I'm going on what the docs say not
personal experience.
-Original Message-
From: Akoulov, Alexandre [IT]
[mailto:[EMAIL PROTECTED]
Sent: Monday 23 May 2005 06:53
To: Tomcat Users List
Subject: RE
Hi all,
I'd greatly appreciate if you could shed a ray of light on the following
problem ( see below)
-Original Message-
From: Akoulov, Alexandre [IT]
Sent: Friday, 20 May 2005 11:15 AM
To: Tomcat Users List
Subject: problem: Session invalidation in the servlet accessed via
foreign
line 2?
-Original Message-
From: Akoulov, Alexandre [IT]
[mailto:[EMAIL PROTECTED]
Sent: Monday 23 May 2005 00:43
To: tomcat-user@jakarta.apache.org
Subject: Re: problem: Session invalidation in the servlet
accessed via foreign context
Hi all,
I'd greatly appreciate
versions of the servlet spec, but perhaps session
behaviour was defined differently in previous versions. You could find out
with a google search, or maybe someone else will answer
-Original Message-
From: Akoulov, Alexandre [IT]
[mailto:[EMAIL PROTECTED]
Sent: Monday 23 May 2005 01
Hi all,
It seems that there is a problem with session invalidation in tomcat5.0. Please
refer to the explanation below:
1. HttpSession session = req.getSession(true); // get existing user session or
create one if does not exist
2. session.invalidate(); // invalidate user session
Thanks Mark and Co. for fixing the problem
-Original Message-
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 18 May 2005 4:59 PM
To: tomcat-user@jakarta.apache.org
Subject: Recent spam
All,
Just a quick update on the recent issues.
1. The spam with German subject
To: Tomcat Users List
Subject: RE: Problem with the classloader in jakarta-tomcat-5.0.28 -
cannot add a jar file to class repository
From: Akoulov, Alexandre [IT] [mailto:[EMAIL PROTECTED]
Subject: RE: Problem with the classloader in
jakarta-tomcat-5.0.28 - cannot add a jar file to class repository
Hi all,
I'd greatly appreciate your thoughts on the following issue (and the proposed
solution ):
When adding a jar file (eg, foo/bar.jar) to the class loader's repository it
treats as a directory and therefore it cannot load any classes from this jar.
The following explains why it happens.
, 21 April 2005 9:27 PM
To: Tomcat Users List
Subject: RE: Problem with the classloader in jakarta-tomcat-5.0.28 -
cannot add a jar file to class repository
From: Akoulov, Alexandre [IT] [mailto:[EMAIL PROTECTED]
Subject: Problem with the classloader in
jakarta-tomcat-5.0.28 - cannot add a jar
To: Tomcat Users List
Subject: RE: Problem with the classloader in jakarta-tomcat-5.0.28 -
cannot add a jar file to class repository
From: Akoulov, Alexandre [IT] [mailto:[EMAIL PROTECTED]
Sent: 2005 April 21, Thursday 19:48
Subject: RE: Problem with the classloader in
jakarta-tomcat-5.0.28
16 matches
Mail list logo