Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Christoph Kukulies
On 29.10.2010 15:29, Mark Thomas wrote: On 29/10/2010 14:19, Darryl Lewis wrote: Are you serious? Completely. If you have a scheme that encrypts the database username and password in server.xml and provides genuine additional security over and above limiting access to server.xml to the user

Re: How to start my application without localhost, only with virtiual host ?

2010-10-30 Thread Pid
On 29/10/2010 17:15, M.Arkhypov wrote: Dear Chuck, thank you for your attention and reply, we have done a few of your advices, but without success: We have this server.xml file: Host name=cntest2.de appBase=webapps unpackWARs=true autoDeploy=true

Re: Basic Question : Tomact Clustering

2010-10-30 Thread Pid
On 29/10/2010 11:49, alok kakani wrote: Hi All, I am working Business Objects 3.1(BOE) with tomcat being the application server. I am new to the web application part, hence I had some doubts. We are trying to step up a BOE on 2 machines we will have tomcat installed on both machines. We

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Pid
On 30/10/2010 09:19, Christoph Kukulies wrote: On 29.10.2010 15:29, Mark Thomas wrote: On 29/10/2010 14:19, Darryl Lewis wrote: Are you serious? Completely. If you have a scheme that encrypts the database username and password in server.xml and provides genuine additional security over and

Re: Help on upgrade tomcat bundled with JBoss for resolving tomcat security issue -[SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability

2010-10-30 Thread Pid
On 26/10/2010 03:42, ww...@ogcio.gov.hk wrote: Dear Sir/Madam, Recently it has been checked that there is security vulnerability for the tomcat (version 5.0.9) shipped with the JBoss 4.0.3SP1. From the link below, it is recommended to upgrade to 5.5.28.

Re: Tomcat 6.0.29: Failed to initialize the SSLEngine

2010-10-30 Thread Pid
On 06/10/2010 17:20, Samuel Hofer wrote: Hi, I'm trying to install Apache Tomcat 6.0.29 on a Debian GNU/Linux 5.0.4 32bit with kernel release 2.6.26-2-686 with APR and SSL. JDK 1.6.0_21 APR 1.2.9 OpenSSL 0.9.8 There seems to be a problem with the Tomcat Native library 1.1.20:

Re: Tomcat 6.0.29: Failed to initialize the SSLEngine

2010-10-30 Thread Mladen Turk
On 30/10/2010 11:49, Pid wrote: How can I solve this problem? If your APR really is 1.2.9, then I suspect that you need to upgrade your APR to a newer version. Version 1.4.2 was released 2010-04-04. APR is not the problem here. If it were then it wouldn't load at all. I would also

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Darryl Lewis
Use encryption http://java.sys-con.com/node/393364 On 30/10/10 8:41 PM, Pid p...@pidster.com wrote: On 30/10/2010 09:19, Christoph Kukulies wrote: On 29.10.2010 15:29, Mark Thomas wrote: On 29/10/2010 14:19, Darryl Lewis wrote: Are you serious? Completely. If you have a scheme that

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Mladen Turk
On 10/29/2010 03:29 PM, Mark Thomas wrote: I never said passwords should never be protected. I was quite specific that trying to encrypt usernames and passwords in server.xml (or context.xml for that matter) for database resources is a complete waste of time. Agreed. If the hacker is already

RE: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Caldarale, Charles R
From: Darryl Lewis [mailto:darryl.le...@unsw.edu.au] Subject: Re: running tomcat6 under a different user than root (debian) Use encryption http://java.sys-con.com/node/393364 Sorry, that just moves the problem. The article completely ignores the issue of where to put the decryption key -

RE: Tomcat Maven and Axis 1.5.1 problem

2010-10-30 Thread Martin Gainty
to solve will need web.xml all .jsp *.wsdl all java files Martin

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Darryl Lewis
Well so far all this discussion has done is to make me realise that tomcat should not be used in an environment that requires security. If cracking an app will let you get passwords on another box, that is weak security. On 30/10/10 11:27 PM, Caldarale, Charles R chuck.caldar...@unisys.com

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Mark Thomas
On 30/10/2010 13:27, Caldarale, Charles R wrote: P.S. Interesting that the author of that article was using a Tomcat already three years old at the time of publication; doesn't really help the somewhat questionable credibility. (Reference implementations shouldn't be used in production?

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Mark Thomas
On 30/10/2010 15:19, Darryl Lewis wrote: Well so far all this discussion has done is to make me realise that tomcat should not be used in an environment that requires security. If cracking an app will let you get passwords on another box, that is weak security. You are missing the point.

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Mark Thomas
On 30/10/2010 12:59, Mladen Turk wrote: On 10/29/2010 03:29 PM, Mark Thomas wrote: I never said passwords should never be protected. I was quite specific that trying to encrypt usernames and passwords in server.xml (or context.xml for that matter) for database resources is a complete waste

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Mark Thomas
On 30/10/2010 18:27, Mark Thomas wrote: On 30/10/2010 15:19, Darryl Lewis wrote: Well so far all this discussion has done is to make me realise that tomcat should not be used in an environment that requires security. If cracking an app will let you get passwords on another box, that is weak

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Pid *
On 30 Oct 2010, at 15:20, Darryl Lewis darryl.le...@unsw.edu.au wrote: Well so far all this discussion has done is to make me realise that tomcat should not be used in an environment that requires security. Complete nonsense. p If cracking an app will let you get passwords on another

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Darryl Lewis
Yeah, well reasoned rebuttal there... not. That's why we encrypt passwords in unix, or haven't you looked at etc/passwd lately? Are you going to tell me that is complete nonsense? According to your 'argument' that is 'security by obscurity'. You better break that to the GNU crowd gently. Having

RE: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Caldarale, Charles R
From: Darryl Lewis [mailto:darryl.le...@unsw.edu.au] Subject: Re: running tomcat6 under a different user than root (debian) That's why we encrypt passwords in unix, or haven't you looked at etc/passwd lately? No, we encrypt them in Linux because the (very outmoded) /etc/passwd file is

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Mladen Turk
On 10/30/2010 11:11 PM, Darryl Lewis wrote: Yeah, well reasoned rebuttal there... not. That's why we encrypt passwords in unix, or haven't you looked at etc/passwd lately? Have *you* ever looked at the etc/passwd? First of all it is not encrypted. It contains a hash value of the password so

Re: running tomcat6 under a different user than root (debian)

2010-10-30 Thread Mladen Turk
On 10/30/2010 07:28 PM, Mark Thomas wrote: On 30/10/2010 12:59, Mladen Turk wrote: On 10/29/2010 03:29 PM, Mark Thomas wrote: I never said passwords should never be protected. I was quite specific that trying to encrypt usernames and passwords in server.xml (or context.xml for that matter)