RE: Extending GenericPrincipal/RealmBase: Essentially a classloader question

-mail to [EMAIL PROTECTED] explaining how this may be accomplished and how one can protect himself from such exposure. Regards, Rossen Raykov -Original Message- From: John H [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 1:32 PM To: Tomcat Users List Subject: Re: Extending

RE: Multiple Paths in one Context

If you are using apache or another web server as front-end you may do that mapping on the web server level. Regards, Rossen Raykov -Original Message- From: Ben Janes [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 10:32 AM To: Tomcat Users List Subject: Re: Multiple Paths

RE: Can someone PLEASE tell me why tomcat uses so much CPU???

moved to Jakarta Tomcat connectors jk-1.2.0 (released last week) and so fare I didn't have time to observe the new system behavior. Regards, Rossen Raykov -Original Message- From: Chris Read [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 01, 2002 5:09 AM To: 'Tomcat Users List

RE: Handling sessions without cookies?????

1. Pass a session token as a parameter (get or post) to all the pages. 2. If you pages are exclusively accessible by SSL connections use the SSL session ID. Regards, Rossen -Original Message- From: Alfonso Martinez [mailto:[EMAIL PROTECTED]] Sent: Friday, September 27, 2002 4:28 PM

RE: Problem with Tomcat and JServ

You have to use Content-Disposition header. Try something like: Content-Disposition: attachment; filename=fname.pdf Regards, Rossen Raykov -Original Message- From: Philippe de M. Sevestre [mailto:[EMAIL PROTECTED]] Sent: Friday, September 27, 2002 4:49 PM To: Tomcat Users List Cc

RE: Tomcat Security Problem Help (using mod_jk)

Do not mount /servlet/* but only the servlets that you application is really using. Regards, Rossen Raykov -Original Message- From: Ramilio D [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 25, 2002 12:30 AM To: [EMAIL PROTECTED] Subject: Tomcat Security Problem Help (using

RE: [SECURITY] Apache Tomcat 4.x JSP source disclosurevulnerability

. That's why I believe Velocity should suffer from this bug in the same way JSP is. I didn't test Velocity but there is not any reason that it will be resistant to this exposure. Regards, Rossen Raykov -Original Message- From: Kent Perrier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September

JSP source code exposure in Tomcat 4.x

-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint See the server's documentation for more details. Regards, Rossen Raykov PS. Special thanks to the Tomcat development team for their quick response. --- Rossen Raykov COGNICASE U.S.A. Inc

RE: tomcat 4.1.12

-constraint You can try and test any of them on you own risk. Regards, Rossen Raykov -Original Message- From: John Trollinger [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 1:33 PM To: 'Tomcat Users List' Subject: RE: tomcat 4.1.12 Map the servlet to a know name using

RE: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

The problem is not connected directly to the JSPs or the jsp engine. It's the default servlet that has the problem. I didn't test it but I believe using this vulnerability one can get Velocity also. What he will find inside - depends only on the programmers/designers in both cases. Regards,

RE: [SECURITY] Apache Tomcat 4.x JSP source disclosurevulnerability

See the original posting on BugTrag for more details http://online.securityfocus.com/archive/1/292936/2002-09-21/2002-09-27/0 Regards, Rossen Raykov -Original Message- From: Tim Moore [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 5:34 PM To: Tomcat Users List

RE: JaspException: Variable may not have been initialized

Change the startup script to use the 64-bit data model (use java's -d64 option). You may need to install it if you do not have it already. Regards, Rossen Raykov -Original Message- From: Xiaoyu Zhang [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 12:04 PM To: [EMAIL

RE: POST request processing failure

these POST problems occur. I don't know what the source of the problem is, perhaps the remote client is aborting the connection before the POST completes? If you find out the source of the problem please let me know! Regards, Glenn Rossen Raykov wrote: I have Tomcat 4.0.4/Struts 1.0.2

RE: POST request processing failure

then cause the AJP Processor read to fail. Regards, Glenn Rossen Raykov wrote: I suspected that this may be related to that old issue since it disappeared after the upgrade to 4.0.4. I believe it is connected to the ajp13 protocol but I can not prove it. The strangest thing

RE: Precompilation

Mark, Try to use -webinc option and include generated web.xml in the application's deployment descriptor. This will map all the generated Java classes to the corresponding JSP URLs. Regards, Rossen -Original Message- From: Mark O'Driscoll [mailto:[EMAIL PROTECTED]] Sent: Monday,

RE: tomcat/unix security manager questions

Unix permissions do take precedence over java security policy. Regards, Rossen -Original Message- From: Richard Smith [mailto:[EMAIL PROTECTED]] Sent: Sunday, August 18, 2002 11:12 PM To: [EMAIL PROTECTED] Subject: tomcat/unix security manager questions Hi All, Just

RE: Precompiling JSPs for Tomcat

Try something like: property name=build.compiler value=jikes/ path id=compile.classpath pathelement location=${java.home}/jre/lib/rt.jar/ pathelement location=${java.home}/lib/tools.jar/ pathelement location=${tomcat.lib}/jasper-compiler.jar/ pathelement

Why JSPC is storing all the compiled files in one directory regardless of the application subdirectories?

with -dd)! Also it looks like the usage of -v option doesn't change anything. Regards, Rossen --- Rossen Raykov COGNICASE U.S.A. Inc. (908) 860-1100 Ext. 1140 [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]

RE: request.getReader() hanging

page, it works fine. cheers Chris -Original Message- From: Rossen Raykov [mailto:[EMAIL PROTECTED]] Sent: 03 June 2002 18:08 To: 'Tomcat Users List' Subject: RE: request.getReader() hanging Can you reproduce it? Does it utilize the whole available CPU? Rossen

RE: request.getReader() hanging

() == == -Original Message- From: Rossen Raykov [mailto:[EMAIL PROTECTED]] Sent: 05 June 2002 17:01 To: 'Tomcat Users List' Cc: '[EMAIL PROTECTED]' Subject: RE: request.getReader() hanging The problem is that apj13 does not serve servlets and JSP

RE: request.getReader() hanging

Can you reproduce it? Does it utilize the whole available CPU? Rossen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, May 31, 2002 1:21 PM To: [EMAIL PROTECTED] Subject: request.getReader() hanging hi all recently upgraded, or attempted to

RE: Apcahe's CPU goes to 100%

Hi there, I'm having very similar problem on Solaris 8 JDK 1.3.1_01and Tomcat 4.0.3. It was even worst with JDK 1.3.1_03-b03 since java was crashing with bug report info. I spend sometime to investigate the problem and I discovered the following: 1. apaches CPU usage grows as it is possible; 2.

jikes as JSP compiler in Jasper/Tomcat 4.0.3

I'm trying to use jikes as a JPS compiler in Tomcat 4.0.3 but it is receiving extra parameter -encoding UTF8 which is braking the compilation process. I'm using JDK 1.3.1_01 on Solaris 8 but the same result I had also with JDK 1.4.0. In my per server web.xml I have: -- CUT --- servlet

Serving static objects

Hi All, I noticed that tomcat4 is not serving all requests. The count of the requests served by it (reported in the access log file and also by RequestDumper) is smaller to the real one. I verified it using ngrep. I looks like it is not serving about 40% from the requests for static content (gif