JSP or Servlet wrt security

2003-02-27 Thread mls
For creating a totally new web site, is there any difference from security point of view of using only servlets or using only JSPs? Environment (if it matters) non-root Tomcat 4.1.18 (serving both static and dynamic pages - no web server ahead of it), Linux (RH 7.3), DMZ (packet filter), JNDI and s

Re: Hardening Tomcat 3.2.4

2002-07-25 Thread mls
"Turner, John" wrote: > What's the ramification of tomcat failing? Can it even fail > into a critical mode? I have not researched into Tomcat failure modes. My guess follows... 1) It may have different consequences on different platforms. On Unix/related platforms, it may be just a denial of

Re: Hardening Tomcat 3.2.4

2002-07-25 Thread mls
I run Tomcat standalone. The rationale is that by eliminating Apache from the equation, another layer of complex code is eliminated increasing the security. It makes life easier also! (one less thing to configure) das "Turner, John" wrote: > Is it possible to configure tomcat to listen only on

Re: Hardening Tomcat 3.2.4

2002-07-25 Thread mls
Mike Jackson wrote: > A firewall is probably the best way to harden tomcat. Or any web server > for that matter, however for a one good you're going to probably end up > paying a large sum of money. You could go on the cheaper side and only use > a stateful port blocking firewall, but really to

Re: Hardening Tomcat 3.2.4

2002-07-25 Thread mls
I posted a similar question a while ago and did not receive any answer from this list. Maybe folks on this list are admins/developers/programmers who are bothered mostly about application itself and not security. Maybe there is an "overall security" list where such questions may be posed. Any

Re: How do I Hide version specific information

2002-07-18 Thread mls
Tim Funk wrote: > In reality - use best practices to secure your installation. Any "best practices" link for Tomcat security? das -- To unsubscribe, e-mail: For additional commands, e-mail:

Re: common/lib installation problems

2002-07-18 Thread mls
Kirsten Sachwitz wrote: > 1) install Java 2 run time environments (file name: > j2re-1_4_0_01-windows-i586.exe) this installs properly Try installing Java SDK, not just run time. das

Re: how to make tomcat faster

2002-07-14 Thread mls
Joe Schiavone wrote: > HOST your production using a UNIX box. I recommend Solaris x86. > However, a good tightly configured linux machine would suffice too. Curious to know what advantage Solaris x86 offers versus Linux. Is it thread handling? das

Re: Tomcat, Linux and new JDK

2002-07-10 Thread mls
My system (RH 7.1 + TC 4.x) is lightly loaded and it shows around 60. I have tried loading the system with unconnected Java applets and they don't seem to suffer unduly because of Tomcat threads. das Wick Swain wrote: > > Thanks for the reply, Dave. Would you mind running the command "ps -ef

Security of Tomcat sites

2002-07-08 Thread mls
I run a couple of websites off of Tomcat 4.x (standalone). Is there a concept of hardening Tomcat, like there is for OS? Any automated programs or recipes out there for testing how secure my installation really is? Thanks, das

Re: Tomcat and static content

2002-07-07 Thread mls
Kapil Sharma wrote: > Is there any way to know that apache is serving > all static content like .html/.gif/.jpeg? [ Maybe I am missing something fundamental in your question. ] Can't you just access one of your static web pages from another computer and see what you get? das

Re: Mailing List Load.... Forum???

2002-06-27 Thread mls
> If the owners of the list are interested in working with me > I'll pitch in some work in creating a proposal for a > comp.lang.java-server-side Thought this list was specifically for Tomcat and related issues - not the general java-server-side. If folks want to go and create a comp.lang.java-s

Re: Book recommendation (Summary)

2002-06-24 Thread mls
Summary of all book recommendations received so far. Thanks to all folks who replied to me on and off the list! [EMAIL PROTECTED] wrote: > Any recommendation for a good book that covers Tomcat and other > related open source technologies? More from an application > developers point of view... [SN

Book recommendation

2002-06-21 Thread mls
Any recommendation for a good book that covers Tomcat and other related open source technologies? More from an application developers point of view as to how various components fit together rather than sysadmin details or exhaustive details about any one particular thing (say JBoss, Servlet etc).

Re: any jsp/servlet based groupware solutions out there?

2002-05-15 Thread mls
Rick Fincher wrote: > I'm sure a lot of folks have little thangs like that that we can > pool and make a nice Tomcat office productivity pack. Tomcat productivity pack sounds like a great idea! As a start to that, it might be helpful to know what kinds of applications folks might find useful on t

Re: any jsp/servlet based groupware solutions out there?

2002-05-14 Thread mls
Since subscribing to Tomcat Users list (about a week - rather short time period for generalizing!) have noticed mostly administrative / configuration related stuff posted here. The actual "use" (in terms of jsp/servlet that you seem interested in) seems seldom(?) discussed here. What specific t