when i change the shutdown attribute to shutdown1 or others,it could not be
done.
I should also to enter the default value SHUTDOWN,then it work well.
so what i want to say is,the shutdown attribute can't use.and the same
thing is append at the address attribute.
I found this problem at Tomcat
Hi
I am using this within tomcat-6.0.36.B.RELEASE contained in STS tcServer.
Here is my spring config as well.
bean id=ppfeDataSource class=org.apache.tomcat.jdbc.pool.DataSource
destroy-method=close
property name=driverClassName
oh sorry,the shutdown is work well, but the address still can not work
2013/4/17 付进军 fujin...@gmail.com
when i change the shutdown attribute to shutdown1 or others,it could not
be done.
I should also to enter the default value SHUTDOWN,then it work well.
so what i want to say is,the
2013/4/16 Kiren Pillay kirenpill...@gmail.com
Hi All,
I am using the tomcat-jdpc-pool from within my spring application. I am
noticing a discrepancy between the numActive/numIdle values that the pool
reports versus the actual number of established connections to the
database.
For example,
I've figured out the problem. The Driver had a built in Datasource which was
doing its own pooling management, hence keeping connections open even though
the tomcat-pool saw them as closed. In effect I had a datasource pool within
a datasource. Removing the connection attribute solved the problem.
when I copy new version of myWebApp.war into webapps directory my context
from
conf/Catalina/localhost/ disappears (this context was manually created by
me),
maybe tomcat first deletes war, and also delete corresponding context file,
is there any way to prevent it ?
how should such update be done
Jakub 1983 wrote:
when I copy new version of myWebApp.war into webapps directory my context
from
conf/Catalina/localhost/ disappears (this context was manually created by
me),
maybe tomcat first deletes war, and also delete corresponding context file,
is there any way to prevent it ?
how should
On Tue, Apr 16, 2013 at 01:57:55PM -0300, chris derham wrote:
Or, another way of looking at this would be that for every 40 servers
scanned without a 404 delay, the same bot infrastructure within the same
time would only be able to scan 1 server if a 1 s 404 delay was implemented
by 50% of
On Tue, Apr 16, 2013 at 08:25:06PM +0200, Jakub 1983 wrote:
When is it useful to define context.xml in some other place than at
/META-INF/context.xml inside the application files ?
When do you usually do it ?
Is it frequently used ?
I am not asking about theoretical possibilities, but how
Hi Chuck,
After reviewing the APRConnector documentation, I am still receiving the
errors involving the SSL Certificate and do not understand where the issue is
being generated. I have attached a copy of my current server.xml file and
screenshots of the errors I am receiving upon start up.
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Subject: Re: Tomcat access log reveals hack attempt: HEAD /manager/html
HTTP/1.0 404
That's the idea. That is one reason why I brought this discussion here : to
check if, if the default factory setting was for example 1000
Yes. But someone *does* own the botted computers, and their own
operations are slightly affected. I have wondered if there is some
way to make a bot so intrusive that many more owners will ask
themselves, why is my computer so slow/weird/whatever? I'd better
get it looked at. Maybe I
Chris,
On Wed, Apr 17, 2013 at 1:11 AM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Vidyadhar,
On 4/16/13 1:14 PM, Techienote com wrote:
With default setting we were getting frequent OOM errors. After
analyzing the heap dump
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Howard,
On 4/16/13 6:52 PM, Howard W. Smith, Jr. wrote:
just today, i recognized a query, such as following which was
performing very poorly, even though the JOIN was on a
primary/foreign key, and ORDER BY on primary key (which 'should' be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
付进军,
On 4/17/13 4:06 AM, 付进军 wrote:
oh sorry,the shutdown is work well, but the address still can not
work
Please give an example of your configuration. What did you try, and
why do you think it does not work?
- -chris
-BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 4/17/13 10:12 AM, James Snider wrote:
After reviewing the APRConnector documentation, I am still
receiving the errors involving the SSL Certificate and do not
understand where the issue is being generated. I have attached a
copy
Dear Tomcat Users
Forgive me for saying this (and unless I am still misinformed after
scouring the Internet for a solution), the Tomcat app server seems
wholly inadequate for the demands of modern multi-tenant SAAS
applications. Multi-tenant SAAS apps are supposed to be light weight and
have
Leo Donahue - RDSA IT wrote:
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Subject: Re: Tomcat access log reveals hack attempt: HEAD /manager/html
HTTP/1.0 404
That's the idea. That is one reason why I brought this discussion here : to
check if, if the default
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
André,
On 4/17/13 1:27 PM, André Warnier wrote:
Leo Donahue - RDSA IT wrote:
-Original Message- From: André Warnier
[mailto:a...@ice-sa.com] Subject: Re: Tomcat access log reveals
hack attempt: HEAD /manager/html HTTP/1.0 404
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 4/17/13 8:49 AM, Mark H. Wood wrote:
Yes. But someone *does* own the botted computers, and their own
operations are slightly affected. I have wondered if there is
some way to make a bot so intrusive that many more owners will ask
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Wednesday, April 17, 2013 10:28 AM
To: Tomcat Users List
Subject: Re: Tomcat access log reveals hack attempt: HEAD /manager/html
HTTP/1.0 404
Leo Donahue - RDSA IT wrote:
-Original Message-
From: André Warnier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jamie,
On 4/17/13 1:28 PM, Jamie wrote:
Dear Tomcat Users
Forgive me for saying this (and unless I am still misinformed
after scouring the Internet for a solution), the Tomcat app server
seems wholly inadequate for the demands of modern
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: Tomcat access log reveals hack attempt: HEAD /manager/html
HTTP/1.0 404
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 4/17/13 8:49 AM, Mark H. Wood wrote:
Yes. But someone *does*
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Vidyadhar,
On 4/17/13 10:56 AM, Techienote com wrote:
Chris,
On Wed, Apr 17, 2013 at 1:11 AM, Christopher Schultz
ch...@christopherschultz.net wrote:
Vidyadhar,
On 4/16/13 1:14 PM, Techienote com wrote:
With default setting we were
Andre, thx for you reply.
My war has no /META-INF/context.xml, here is piece of server.xml:
Host name=localhost appBase=C:\test\catalina_base\webapps
unpackWARs=true autoDeploy=true deployOnStartup=true
deployXML=false
even with deployXML=false my jdbc.context if removed
Chris,
First of all thanks for the infor.
On Wed, Apr 17, 2013 at 11:31 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Vidyadhar,
On 4/17/13 10:56 AM, Techienote com wrote:
Chris,
On Wed, Apr 17, 2013 at 1:11 AM,
From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov]
Subject: RE: Tomcat access log reveals hack attempt: HEAD /manager/html
HTTP/1.0 404
So you are saying it could be possible to know in advance that certain
requests are for repeated requests of nothing or being made by a
chris derham wrote:
Yes. But someone *does* own the botted computers, and their own
operations are slightly affected. I have wondered if there is some
way to make a bot so intrusive that many more owners will ask
themselves, why is my computer so slow/weird/whatever? I'd better
get it looked
2013/4/10 Howard W. Smith, Jr. smithh032...@gmail.com:
Every now and then, I like to review localhost_access_log files, just to
see who might be trying to access my web app, running on TomEE 1.6.0
snapshot (Tomcat 7.0.39). So, a few minutes ago, I saw the following in the
log:
113.11.200.30
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
André,
On 4/17/13 1:27 PM, André Warnier wrote:
Leo Donahue - RDSA IT wrote:
-Original Message- From: André Warnier
[mailto:a...@ice-sa.com] Subject: Re: Tomcat access log reveals
hack attempt: HEAD
Leo Donahue - RDSA IT wrote:
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Wednesday, April 17, 2013 10:28 AM
To: Tomcat Users List
Subject: Re: Tomcat access log reveals hack attempt: HEAD /manager/html
HTTP/1.0 404
Leo Donahue - RDSA IT wrote:
-Original
Konstantin Kolinko wrote:
2013/4/10 Howard W. Smith, Jr. smithh032...@gmail.com:
Every now and then, I like to review localhost_access_log files, just to
see who might be trying to access my web app, running on TomEE 1.6.0
snapshot (Tomcat 7.0.39). So, a few minutes ago, I saw the following in
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Subject: Re: Tomcat access log reveals hack attempt: HEAD /manager/html
HTTP/1.0 404
So you are saying it could be possible to know in advance that certain
requests are for repeated requests of nothing or being made by a
On 17/04/2013 18:28, Jamie wrote:
Dear Tomcat Users
Forgive me for saying this (and unless I am still misinformed after
scouring the Internet for a solution), the Tomcat app server seems
wholly inadequate for the demands of modern multi-tenant SAAS
applications. Multi-tenant SAAS apps are
On 17/04/2013 10:35, Jakub 1983 wrote:
when I copy new version of myWebApp.war into webapps directory my context
from
conf/Catalina/localhost/ disappears (this context was manually created by
me),
What, exactly, are you doing? For example, copy and overwrite has very
different behaviour (at
Hi Chris,
Thanks for your help!
I have reinstalled Apache Tomcat with the tcnative library and I am not
receiving the SSL certificate errors as seen earlier. But I am now receiving
the following errors upon startup:
Apr 17, 2013 3:13:58 PM org.apache.catalina.startup.SetAllPropertiesRule
Leo Donahue - RDSA IT wrote:
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Subject: Re: Tomcat access log reveals hack attempt: HEAD /manager/html
HTTP/1.0 404
So you are saying it could be possible to know in advance that certain
requests are for repeated requests
Leo Donahue - RDSA IT wrote:
...
[Way OT...]
If you get this to work, then the next place you can take this idea is to the
phone company. Why should my phone even ring at all if I know the caller is
from an 800 number... or from some other list of people I don't care to talk to
... I would
On Wed, Apr 17, 2013 at 10:45 AM, chris derham ch...@derham.me.uk wrote:
The OWASP recommendations for securing tomcat suggest removing all items
under
catalina_home/webapps as a first step. Just a thought.
The first step an attacker performs when conducting a focused attack,
is to map out
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Subject: Re: [OT] Tomcat access log reveals hack attempt: HEAD
/manager/html HTTP/1.0 404
Leo Donahue - RDSA IT wrote:
...
[Way OT...]
If you get this to work, then the next place you can take this idea is to the
phone
On Wed, Apr 17, 2013 at 1:59 PM, Leo Donahue - RDSA IT
leodona...@mail.maricopa.gov wrote:
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: Tomcat access log reveals hack attempt: HEAD /manager/html
HTTP/1.0 404
People *do* do this
On Wed, Apr 17, 2013 at 2:39 PM, André Warnier a...@ice-sa.com wrote:
Some other calculations :
According to the same Netcraft site, of the 600 million websites, 60% are
Apache (I guess that this includes httpd and Tomcat (or else Tomcat is in
others).
This is good to know, and honestly,
On Wed, Apr 17, 2013 at 3:45 PM, Leo Donahue - RDSA IT
leodona...@mail.maricopa.gov wrote:
Not knowing anything about the history of the HTTP 404 method, if a server
does not find a matching request URI, why was it decided that the protocol
would even respond at all? Seems like the request
such scenario works fine for me:
jdbc.xml in C:\test\catalina_base\conf\Catalina\localhost
Context
Resource name=jdbc/Test auth=Container type=javax.sql.DataSource
username=sa password= driverClassName=org.h2.Driver
url=jdbc:h2:tcp://localhost/databases/test1
I call ant task
target name=deploy-war depends=create-war
copy file=${target.dir}/${war.file} todir=${deploy.dir}/
/target
application is called jdbc.war, and I create jdbc.xml in
conf/Catalina/localhost/ after I deploy war and previous jdbc.xml
disappears - I create it on running
Hi.
Long and thoughtful post. Thanks.
just hope it helps move the discussion forward
Say you have a botnet composed of 100 bots, and you want (collectively) to
have them scan 100,000 hosts in total, each one for 30 known buggy URLs.
These 30 URLs are unrelated to eachother; each one of them
can I define database connection only in web.xml, without using context.xml
files ?
can I pass database url, login and password into resource-ref ?
when I define database conn in context.xml, resource-ref is not needed at
all, so what is it actually for ?
regards
Jakub
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Vidyadhar,
On 4/17/13 2:22 PM, Techienote com wrote:
We are in the plan of upgrading the tomcat with the JVM version. It
is in process but before that we need to stablize it on Tomcat 6
Tomcat is definitely not the problem, here. You can run
In the Tomcat docs pertaining to security considerations, in the server.xml
section, it talks about if the shutdown port is not disabled, a strong password
should be configured for bshutdown/b
http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html#Server
In the Tomcat docs for
hi,
sorry for my english.
i just publish my web site made with java, jsp, and i'm stuck with a
problem.
my .class files is in the directory WEB-INF/classes/...
and i have the class Diversos in
WEB-INF/classes/ferramentas/Diversos.class
when i use a import comand like %@page import=ferramentas.*%
What the hell is resource-ref in web.xml used for ?
My imagination is as follows, please confirm or deny it.
resource-ref is part of servlet spec, not tomcat spec.
context.xml and it's resource declaration is private concept of tomcat, not
described by any external specificatin, jsr, etc.
From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov]
Subject: server.xml shutdown port command string
Is the command string what is being called the password on the
security-howto page?
Yes, they're the same thing; the text should be more consistent. Note that the
shutdown
From: Jakub 1983 [jjaku...@gmail.com]
Sent: Wednesday, April 17, 2013 7:26 PM
To: Tomcat Users List
Subject: explanation of resource-ref in web.xml
What the hell is resource-ref in web.xml used for ?
I use it
From: Jakub 1983 [jjaku...@gmail.com]
Subject: resource-ref in web.xml
when I define database conn in context.xml, resource-ref is not needed at
all, so what is it actually for ?
**
You need
I have tried, and definig only Resource in context.xml is sufficient,
resource-ref in web.xml was commented, but I still could acces database
connection from jndi.
On Thu, Apr 18, 2013 at 4:38 AM, Leo Donahue - RDSA IT
leodona...@mail.maricopa.gov wrote:
On Wed, Apr 17, 2013 at 10:38 PM, Leo Donahue - RDSA IT
leodona...@mail.maricopa.gov wrote:
From: Jakub 1983 [jjaku...@gmail.com]
Sent: Wednesday, April 17, 2013 7:26 PM
To: Tomcat Users List
Subject: explanation of resource-ref in web.xml
What
From: Caldarale, Charles R [chuck.caldar...@unisys.com]
Subject: RE: server.xml shutdown port command string
From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov]
Subject: server.xml shutdown port command string
Is the command string what
From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov]
Subject: RE: server.xml shutdown port command string
If I am the only person deploying web apps (that I have developed), should I
still consider changing this command string value to something more complex?
Only if untrusted
On 12.04.2013, at 13:08, Jamie ja...@mailarchiva.com wrote:
Greetings!
I would like some advice with regards to deploying a web app in a
multi-tenant scenario. A while back, we had a few cloud service providers ask
us if they could host our web app as a service. Under pressure to come
59 matches
Mail list logo