Kerberos authentication

Hello Happy people, I'm cross-posting this to tomcat and archiva. In our company we have a well established Active Directory infrastructure, I'm running an Apache Archiva 1.3.1 installation in Tomcat 6, on Solaris 10. The OS has been Kerberos enabled and I would very much like to make use of th

Re: unable to access comm ports on apache tomcat 6.0.18

Hi friend, I can communicate with modem from othe java application.The problem is occuring only after deploy in apache tomcat. I am using ECLIPSE IDE. Ecclipse ide can run our web application using apache tomcat for debugging purpose.When i run my application from ide it is working fine but the ex

Re: unable to access comm ports on apache tomcat 6.0.18

Hi Pid, Thank you for your response. Not only for this comunication api, if i put thr jar files in WEBAPPS//WENINF/LIB it is showing the "No Class found". plese help me. Whw]at are rthe chnages i have to do? Thank you. -

RE: JSESSIONID weakness Severity in Tomcat 6.0.29?

> From: Brian [mailto:bbprefix-m...@yahoo.com] > Subject: RE: JSESSIONID weakness Severity in Tomcat 6.0.29? > I was not familiar with the options available in the > container itself. I am still not familiar indeed. Probably the best place to start researching would be sections 7 and 12 of the

RE: JSESSIONID weakness Severity in Tomcat 6.0.29?

To be honest with you, I was not familiar with the options available in the container itself. I am still not familiar indeed. > -Original Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: Sunday, October 10, 2010 07:41 PM > To: Tomcat Users List > Subject:

RE: JSESSIONID weakness Severity in Tomcat 6.0.29?

> From: Brian [mailto:bbprefix-m...@yahoo.com] > Subject: RE: JSESSIONID weakness Severity in Tomcat 6.0.29? > It was as easy as Googling the subject, but I didn't know > what was exactly the name of it. More seriously: is there a particular reason you chose to roll your own security mechanism

RE: JSESSIONID weakness Severity in Tomcat 6.0.29?

Thanks! It was as easy as Googling the subject, but I didn't know what was exactly the name of it. > -Original Message- > From: Ken Bowen [mailto:kbo...@als.com] > Sent: Sunday, October 10, 2010 05:52 PM > To: Tomcat Users List > Subject: Re: JSESSIONID weakness Severity in Tomcat 6.0.29?

RE: JSESSIONID weakness Severity in Tomcat 6.0.29?

I must say you are right :-( But I will solve it! :-) > -Original Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: Sunday, October 10, 2010 06:44 PM > To: Tomcat Users List > Subject: RE: JSESSIONID weakness Severity in Tomcat 6.0.29? > > > From: Brian

RE: JSESSIONID weakness Severity in Tomcat 6.0.29?

> From: Brian [mailto:bbprefix-m...@yahoo.com] > Subject: RE: JSESSIONID weakness Severity in Tomcat 6.0.29? > I'm not using either "basic" or "form". I developed my own > solution, which works great for me. Apparently not, or you wouldn't have gotten the bad security review. - Chuck THIS C

Re: JSESSIONID weakness Severity in Tomcat 6.0.29?

Google "session fixation" --> http://en.wikipedia.org/wiki/Session_fixation On Oct 10, 2010, at 6:24 PM, Brian wrote: > Mark, > > I'm not using either "basic" or "form". I developed my own solution, which > works great for me. > Assuming that the "session fixation" is my problem, what would you

RE: JSESSIONID weakness Severity in Tomcat 6.0.29?

Mark, I'm not using either "basic" or "form". I developed my own solution, which works great for me. Assuming that the "session fixation" is my problem, what would you suggest me to do? Is there any web page on the internet that explains the issue? > -Original Message- > From: Mark Thom

Re: JSESSIONID weakness Severity in Tomcat 6.0.29?

On 10/10/2010 20:59, Brian wrote: > Hi Mark, > > Do you understand exactly what vulnerability are they talking about? No. It doesn't make much sense to me at the minute. I'd ask for more specific information. > For > some reason, they have determined that I have it, even though I'm not using > J

RE: JSESSIONID weakness Severity in Tomcat 6.0.29?

Hi Mark, Do you understand exactly what vulnerability are they talking about? For some reason, they have determined that I have it, even though I'm not using Jrun but they wrongly assume I am. What do you mean exactly with "app managing its own authentication"? Sorry if it is a dumb question. I f

Re: JSESSIONID weakness Severity in Tomcat 6.0.29?

On 10/10/2010 20:32, Brian wrote: > I'm not using Jrun, but I guess the vulnerability applies also to Tomcat > 6.0.29 so they treated me as if I was using Jrun with that vulnerability. That guess has no basis in fact. > Does anybody know what should I do to solve this now? There is nothing to fi

JSESSIONID weakness Severity in Tomcat 6.0.29?

Hi, I'm using Tomcat 6.0.29. In my site, I'm using a security certificate from www.securitymetrics.com, which has been invalidated today argumenting the following reason: Description: JRun JSESSIONID weakness Severity: Potential Problem CVE: CVE-2004-147

Re: Why I am getting Malware detection in Tomcat 5.5.031

On 10/10/2010 16:48, Caldarale, Charles R wrote: >> From: Saurabh Agrawal (PSL) [mailto:saurabh_agra...@persistent.co.in] >> Subject: Why I am getting Malware detection in Tomcat 5.5.031 > >> I am trying to install apache tomcat 5.5.031 on Windows 7, >> but I am getting Malware detection by Avira

RE: Why I am getting Malware detection in Tomcat 5.5.031

> From: Saurabh Agrawal (PSL) [mailto:saurabh_agra...@persistent.co.in] > Subject: Why I am getting Malware detection in Tomcat 5.5.031 > I am trying to install apache tomcat 5.5.031 on Windows 7, > but I am getting Malware detection by Avira. You appear to have used the tar.gz download; is that

Re: [OT] Serialization

Sorry that I could not answer earlier, currently I am away from my working place. Concerning this topic I recommend to send future emails directly to my, because it is only indirectly connected with tomcat. As mentioned, details about this are described in http://www.orthuber.com/wpa.htm . It i

Why I am getting Malware detection in Tomcat 5.5.031

Hi All, I am trying to install apache tomcat 5.5.031 on Windows 7, but I am getting Malware detection by Avira. Before reporting this problem to Avira, I would like to confirm if something not suspicious in tomcat package. Can someone please confirm why this problem? and solution (if any)? If no

Re: Disable class monitoring for reloading container classes

This email contained a .zip file attachment. Raytheon does not allow email attachments that are considered likely to contain malicious code. For your protection this attachment has been removed. If this email is from an unknown source, please simply delete this email. If this email was expected

Insonsistent output of Java 5 enums

Hallo all, I'm a bit confused about how differed Java 5 enums are handled in JSPs. I have an enum that has an overridden toString() method. My JSP looks like this: Output per EL: ${myEnumValue} Output per JSTL: The output is: Output per EL: VALID Output per JSTL: valid result, code 0 The

Re: Fw: Applet Servlet communication in Tomcat 7

On 10/10/2010 07:52, Ram karthik wrote: > > From: Warren Henning > To: Tomcat Users List > Sent: Sun, October 10, 2010 10:42:20 AM > Subject: Re: Fw: Applet Servlet communication in Tomcat 7 > > On Sat, Oct 9, 2010 at 7:43 PM, Ram karthik wrote: >> basic: Apple