It can't be done (at least without hacking :). The servlet-spec only tells
how to secure a page. There is no concept of un-securing a page.
If you are using iPlanet+Tomcat, and the un-secure areas are all static
content, then you can configure iPlanet to serve the un-secure areas
(bypassing Tomc
Only the communication between browser and apache server is ssl
encrypted. Both the communications between apache and tomcat and tomcat
and database are not. At least not without further action.
So make sure that your server does not open the ajp13 connector (mod_jk
or whatever) port and db server
Here are the channels of communication. For a typical web page there are
3 socket connections that can be concurrently open.
A: Web Browser --> Apache
B: Apache --> Tomcat
C: Tomcat --> Database
Now onto the security ...
A: If ssl then secure
B: If ssl, then secure. If not ssl, then someone betwe
Hi David,
if it weren't Apache I would say: try
HttpServletRequest.getUserPrincipal().getName(). Maybe it could
be that this also works with Apache...
Andreas
> I'm trying to retrieve the userid that logged into apache and accessed
> the current JSP page. How can I get this info?
>
> Expl
You could always use Referrer to see where the request is coming from. I am
not sure if this would work if you used a dispatcher.
Pritpal Dhaliwal
- Original Message -
From: "Laurent Michenaud" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 15, 2001 7:38 AM
Subje
You can pass (possibly encrypted) information that
only the two parties know. This is essentially
authentication like your username/password.
Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solution
I've started looking at some of the security issues
but I'm still behind where you are in the area of
your questions.
Where did you find this document that has
section 8 on "Existing Risks and Problems"
Thanks,
Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owne
t;[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 19, 2001 5:56 PM
Subject: RE: Security Question
> What is your debug level in the context?
>
> Darrell
>
>
> -Original Message-
> From: Gerry Duhig [mailto:[EMAIL PROTECTED]]
> Sent: Friday, Oc
What is your debug level in the context?
Darrell
-Original Message-
From: Gerry Duhig [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 19, 2001 9:34 AM
To: [EMAIL PROTECTED]
Subject: Fw: Security Question
I am using Tomcat with JBoss and JBoss is handling security. Everything
works fi
On Wed, 29 Aug 2001, Achim Baier wrote:
>
> Now my question:
> Am I wrong-minded, is it bug or is it a jsp/servlet/j2ee-feature? Any
> comments?
>
Security constraints that you mention in your web.xml deployment
descriptor are *only* applied to the original request URI, *not* to any
request UR
Hello Jeff, Hello List,
thank you very much for your reply. A look at this example would have
prevent me from spending a lot of time and writeing the other mail. The
build in example doesn't work at my installation. That j_security_check
stuff is missing. But that doesn't matter, I try to use bas
It's all defined in the servlet spec, downloadable from
http://java.sun.com/products/servlet/index.html.
Tomcat comes with a preconfigured example (examples/jsp/security)
demonstrating this.
--Jeff
On Fri, Apr 06, 2001 at 09:49:38AM +0800, [EMAIL PROTECTED] wrote:
> Hello everybody,
>
> the "p
12 matches
Mail list logo
