-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert,
Robert Koberg wrote:
On Feb 6, 2009, at 4:45 PM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dave,
Dave Pawson wrote:
Only one aspect of security Rob.
As needed I'll look at others later.
Can you
Dave Pawson wrote:
Rob, Christopher, Andre.
Thanks for the input.
As I said to Rob, security is not an issue at the present time.
There is no value in the content returned by the 'server' / end point;
I'm not trying to make it secure. Just respond less than
I otherwise might.
Ok, then let me
2009/2/7 André Warnier a...@ice-sa.com:
You may even find a ready-made servlet filter that could do that (and many
other things besides) here :
http://www.tuckey.org/urlrewrite/
Looks useful. Tks
A servlet filter does not modify (or require you to modify) the application
in any way; it
Thanks Andre. That paints a good picture!
Only generality I'd like to add. The general purpose of my-app web.xml and
'all apps' web.xml. Is it TC 'configuration' (Chaz isn't going to like
that, but I
do like an overview, even if it's only 80%). I'm saying config, since
it provides
response mime
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
Unless the client specifies that one single mime
type (and no other), I want to reject it
Unless you have an extremely specialized client in mind,
2009/2/6 Caldarale, Charles R chuck.caldar...@unisys.com:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
I'm coming down in favour of a valve, rather than a filter,
to make it container specific,
Well, I'n not Chuck, but to answer your question:
On Fri, Feb 6, 2009 at 11:39 AM, Dave Pawson dave.paw...@gmail.com wrote:
Is a filter the right TC tool for that Charles?
Yes
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
I'm coming down in favour of a valve, rather than a filter,
to make it container specific,
Which is a good reason not to use a valve. Unless you need
access to Tomcat internals, use a filter.
? Unclear why Charles?
To make it 'filter'
On Feb 6, 2009, at 10:20 AM, Dave Pawson wrote:
2009/2/6 Caldarale, Charles R chuck.caldar...@unisys.com:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
I'm coming down in favour of a valve, rather
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
? Unclear why Charles?
1) Filter specifications are documened.
2) Filters are not subject to change with every Tomcat release.
To make it 'filter'
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
I'm coming down in favour of a valve, rather than a filter,
to make it container specific,
Which is a good reason not to use a valve. Unless you
2009/2/6 Caldarale, Charles R chuck.caldar...@unisys.com:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
Unless the client specifies that one single mime
type (and no other), I want to reject it
2009/2/6 Robert Koberg r...@koberg.com:
Which is a good reason not to use a valve. Unless you need access to
Tomcat internals, use a filter.
? Unclear why Charles?
To make it 'filter' all server traffic?
AFAIK I don't need access to any internals.
You seem to be making this much more
2009/2/5 Caldarale, Charles R chuck.caldar...@unisys.com:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
Unless the client requests application/xml I want to refuse the
request.
I don't think you
2009/2/6 Caldarale, Charles R chuck.caldar...@unisys.com:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
? Unclear why Charles?
1) Filter specifications are documented.
2) Filters are not
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
2.4 final or
2.5 maint release.
which is TC 6 compliant to please?
RTFM:
http://tomcat.apache.org/
It's on the *first* page...
- Chuck
THIS
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
Is it TC 'configuration' I'm saying config, since
it provides response mime types, params etc.
Strictly speaking, it's not Tomcat configuration, but
Dave Pawson wrote:
Thanks Andre. That paints a good picture!
Only generality I'd like to add. The general purpose of my-app web.xml and
'all apps' web.xml. Is it TC 'configuration' (Chaz isn't going to like
that, but I
do like an overview, even if it's only 80%). I'm saying config, since
it
Dave Pawson wrote:
2009/2/6 Caldarale, Charles R chuck.caldar...@unisys.com:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
Unless the client specifies that one single mime
type (and no other), I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dave,
Dave Pawson wrote:
Only one aspect of security Rob.
As needed I'll look at others later.
Can you suggest alternatives to achieve what I want, rather than something
else?
Instead of using Accept header with a magic content-type, how about
On Feb 6, 2009, at 4:45 PM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dave,
Dave Pawson wrote:
Only one aspect of security Rob.
As needed I'll look at others later.
Can you suggest alternatives to achieve what I want, rather than
something else?
Instead of
Rob, Christopher, Andre.
Thanks for the input.
As I said to Rob, security is not an issue at the present time.
There is no value in the content returned by the 'server' / end point;
I'm not trying to make it secure. Just respond less than
I otherwise might.
Thanks for the 'lecture' Andre. I now
I want to 'reject' (if that's the right word) any http get
with mime type != application/xml
I see in web.xml in the conf directory
mime-mapping
extensionxml/extension
mime-typeapplication/xml/mime-type
/mime-mapping
Is this the right place to do it please?
regards
--
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: TC6 ${CATALINA_HOME}/conf/web.xml Is this the place
to constrain the mime type?
I want to 'reject' (if that's the right word) any http get
with mime type != application/xml
Do you mean .html and .jsp are not valid? That might make
2009/2/5 Caldarale, Charles R chuck.caldar...@unisys.com:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: TC6 ${CATALINA_HOME}/conf/web.xml Is this the place
to constrain the mime type?
I want to 'reject' (if that's the right word) any http get
with mime type != application/xml
On Feb 5, 2009, at 1:28 PM, Caldarale, Charles R wrote:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: TC6 ${CATALINA_HOME}/conf/web.xml Is this the place
to constrain the mime type?
I want to 'reject' (if that's the right word) any http get
with mime type != application/xml
The
On Feb 5, 2009, at 1:36 PM, Dave Pawson wrote:
2009/2/5 Caldarale, Charles R chuck.caldar...@unisys.com:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: TC6 ${CATALINA_HOME}/conf/web.xml Is this the place
to constrain the mime type?
I want to 'reject' (if that's the right word) any
Hi Rob
2009/2/5 Robert Koberg r...@koberg.com:
On Feb 5, 2009, at 1:28 PM, Caldarale, Charles R wrote:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: TC6 ${CATALINA_HOME}/conf/web.xml Is this the place
to constrain the mime type?
I want to 'reject' (if that's the right word)
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
Unless the client requests application/xml I want to refuse the
request.
I don't think you quite appreciate the situation yet. An HTTP client does
Dave Pawson wrote:
Hi Rob
2009/2/5 Robert Koberg r...@koberg.com:
On Feb 5, 2009, at 1:28 PM, Caldarale, Charles R wrote:
From: Dave Pawson [mailto:dave.paw...@gmail.com]
Subject: TC6 ${CATALINA_HOME}/conf/web.xml Is this the place
to constrain the mime type?
Just to clear up your
From: André Warnier [mailto:a...@ice-sa.com]
Subject: Re: TC6 ${CATALINA_HOME}/conf/web.xml Is this the
place to constrain the mime type?
(*) Of course if the browser is IE, it doesn't matter anyway,
because IE will not believe what the server tells it and do
its own thing.
Now that part
31 matches
Mail list logo
