Re: Strange MySQL error when starting tomcat 8 on boot

2016-08-05 Thread Mark Eggers
On 8/5/2016 2:19 PM, Sean Son wrote:
> Hello!
> 
> I am currently running Tomcat 8 on RHEL 7.2 with one web application
> called AppVet (A mobile Application  Vetting program).  The
> application works well but when I tried to use a script to allow
> tomcat to start up at boot, the webapp gives an authentication error.
> I saw the following error in the logs for appvet:
> 
> 
> [ERROR] Could not connect to database: 
> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
> Communications link failure
> 
> The last packet sent successfully to the server was 0 milliseconds
> ago. The driver has not received any packets from the server. Make
> sure your MySQL password in your AppVetProperties.xml file is
> correct
> 
> 
> I know for a fact that the MySQL password is correct in that XML
> file. I double checked it already.  Any ideas on how I should fix
> this error?
> 
> This is the script that I am using for startup/shutdown of Tomcat8 on
> boot:
> 
> http://pastebin.com/mrvfDtTD
> 
> Thanks!
> 
> Sean
> 

It appears that your Tomcat process is running as root. Do not do this.

Is your MySQL server up and running before Tomcat is started?

. . . just my two cents
/mde/





Strange MySQL error when starting tomcat 8 on boot

2016-08-05 Thread Sean Son
Hello!

I am currently running Tomcat 8 on RHEL 7.2 with one web application called
AppVet (A mobile Application  Vetting program).  The application works well
but when I tried to use a script to allow tomcat to start up at boot, the
webapp gives an authentication error. I saw the following error in the logs
for appvet:


[ERROR] Could not connect to database:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications
link failure

The last packet sent successfully to the server was 0 milliseconds ago. The
driver has not received any packets from the server.
Make sure your MySQL password in your AppVetProperties.xml file is correct


I know for a fact that the MySQL password is correct in that XML file. I
double checked it already.  Any ideas on how I should fix this error?

This is the script that I am using for startup/shutdown of Tomcat8 on boot:

http://pastebin.com/mrvfDtTD

Thanks!

Sean


Re: Release Dates

2016-08-05 Thread Violeta Georgieva
Hi,

The date for the latest release is just above the change log. For 7.0.70
it is June 15, 2016.

Regards,
Violeta

On Friday, 5 August 2016, Salvatore Bellassai <
sbellas...@foxguardsolutions.com> wrote:

> Violeta,
>
> I did find that before I posted in the mailing list, but there is no
> release
> date for 7.0.70. 70.069 and previous all appear to have release dates, but
> there was no date for 7.0.70.
>
> Was this just an error?
>
> Thank you for your help.
>
> > -----Original Message-----
> > From: Violeta Georgieva [mailto:violet...@apache.org]
> > Sent: Friday, August 5, 2016 11:13 AM
> > To: Tomcat Users List
> > Subject: Re: Release Dates
> >
> > Hi,
> >
> > Check the change log [1].
> > There you can find the release dates.
> >
> > Regards,
> > Violeta
> >
> > [1] http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
> >
> > On Friday, 5 August 2016, Salvatore Bellassai <
> > sbellas...@foxguardsolutions.com > wrote:
> >
> > > Hello,
> > >
> > > I was hoping someone could tell me where Release Dates can be obtained
> > > for Tomcat 7.0?
> > >
> > > Thank you.
> > >
> > > Salvatore "Trace" Bellassai
> > > Security Technician, FoxGuard Solutions, Inc.
> > > (O) (540) 382-4234 x222
> > > sbellas...@foxguardsolutions.com  
> > > 105 Industrial Drive, Christiansburg, VA 24073
> > >
> > > www.FoxGuardSolutions.com
> > > Cyber Security | Compliance | Industrial Computing
> > >
> > >
>


RE: Release Dates

2016-08-05 Thread Salvatore Bellassai
Violeta,

I did find that before I posted in the mailing list, but there is no release 
date for 7.0.70. 70.069 and previous all appear to have release dates, but 
there was no date for 7.0.70.

Was this just an error?

Thank you for your help.

> -----Original Message-----
> From: Violeta Georgieva [mailto:violet...@apache.org]
> Sent: Friday, August 5, 2016 11:13 AM
> To: Tomcat Users List 
> Subject: Re: Release Dates
>
> Hi,
>
> Check the change log [1].
> There you can find the release dates.
>
> Regards,
> Violeta
>
> [1] http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
>
> On Friday, 5 August 2016, Salvatore Bellassai <
> sbellas...@foxguardsolutions.com> wrote:
>
> > Hello,
> >
> > I was hoping someone could tell me where Release Dates can be obtained
> > for Tomcat 7.0?
> >
> > Thank you.
> >
> > Salvatore "Trace" Bellassai
> > Security Technician, FoxGuard Solutions, Inc.
> > (O) (540) 382-4234 x222
> > sbellas...@foxguardsolutions.com 
> > 105 Industrial Drive, Christiansburg, VA 24073
> >
> > www.FoxGuardSolutions.com
> > Cyber Security | Compliance | Industrial Computing
> >
> >




Re: Release Dates

2016-08-05 Thread Violeta Georgieva
Hi,

Check the change log [1].
There you can find the release dates.

Regards,
Violeta

[1] http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

On Friday, 5 August 2016, Salvatore Bellassai <
sbellas...@foxguardsolutions.com> wrote:

> Hello,
>
> I was hoping someone could tell me where Release Dates can be obtained for
> Tomcat 7.0?
>
> Thank you.
>
> Salvatore "Trace" Bellassai
> Security Technician, FoxGuard Solutions, Inc.
> (O) (540) 382-4234 x222
> sbellas...@foxguardsolutions.com 
> 105 Industrial Drive, Christiansburg, VA 24073
>
> www.FoxGuardSolutions.com
> Cyber Security | Compliance | Industrial Computing
>
>


Re: Release Dates

2016-08-05 Thread Ben Stringer
The archives may be useful. Assuming you mean historical release dates. 

http://archive.apache.org/dist/tomcat/tomcat-7/

Cheers, Ben

> On 6 Aug 2016, at 12:37 AM, Salvatore Bellassai 
>  wrote:
> 
> Hello,
> 
> I was hoping someone could tell me where Release Dates can be obtained for
> Tomcat 7.0?
> 
> Thank you.
> 
> Salvatore "Trace" Bellassai
> Security Technician, FoxGuard Solutions, Inc.
> (O) (540) 382-4234 x222
> sbellas...@foxguardsolutions.com
> 105 Industrial Drive, Christiansburg, VA 24073
> 
> www.FoxGuardSolutions.com
> Cyber Security | Compliance | Industrial Computing
> 


Re: Release Dates

2016-08-05 Thread Jason D. Burkert

This may help.

http://tomcat.markmail.org/search/?q=Apache%20Tomcat%20released

-Jason

On 2016-08-05 10:37 AM, Salvatore Bellassai wrote:

> Hello,
>
> I was hoping someone could tell me where Release Dates can be obtained for
> Tomcat 7.0?
>
> Thank you.
>
> Salvatore "Trace" Bellassai
> Security Technician, FoxGuard Solutions, Inc.
> (O) (540) 382-4234 x222
> sbellas...@foxguardsolutions.com
> 105 Industrial Drive, Christiansburg, VA 24073
>
> www.FoxGuardSolutions.com
> Cyber Security | Compliance | Industrial Computing








Re: why does Rfc6265CookieProcessor throw an IllegalArgumentException when setting a cookie with a domain attribute starting with a . ?

2016-08-05 Thread Mark Thomas
On 5 August 2016 13:48:03 BST, Clemens Fuchs  wrote:
>Hi,
> 
>Why does Rfc6265CookieProcessor throw an IllegalArgumentException when
>setting a cookie with a domain attribute starting with a . ?

Because RFC6265 does not allow domains to start with .

>I didn't find anything in https://tools.ietf.org/html/rfc6265 about
>this

Then you need to read it more carefully. Hint: you'll need to read other specs 
as well since RFC6265 refers to them to define domain. 

> and think the Rfc6265CookieProcessor might be too restrictive here.

You'll need to back up that statement with references to the spec that support 
that position. 

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomat8.5 write logs with incorret os permission

2016-08-05 Thread Daniel Savard
To me, this appears to be a false problem. I don't see why the change to the
permissions on the log file is so critical for security. You can simply
set the permissions appropriately on the directory where the log files are
written if you don't want anyone to look at them. You can use ACLs if your
OS supports them. You can use umask to change the default behavior.

If security of log files is critical for your application, you should take
the time to design the logging appropriately and not expect someone else to
take care of all your concerns for you.


-
Daniel Savard

2016-08-05 7:24 GMT-04:00 André Warnier (tomcat) :

> Hi.
>
> On 05.08.2016 08:00, 韭菜 wrote:
>
>> Definitely a bad idea to relax the default permissions back to where they
>>> were.  If you want to expose your own system to abuse, you can set umask as
>>> documented in the changelog.
>>>
>> Is there a way to like config some param to force tomcat write logs in
>> old way ?and could you please give me a doc url about how set umask for
>> tomcat run user ?
>>
>>
> You might want to start here :
>
> http://lmgtfy.com/?q=linux+umask+command
>
> Then, you may need to find out which command or shell script, *on your
> Linux system*, is starting Tomcat, and insert the desired umask command
> there.
>
> But please consider the remarks made previously by Chuck.
> Logfiles may contain information which you do not want to disclose to
> other than a system administrator.  By making these files widely readable,
> you weaken the security of your whole server and perhaps much more.
>
> Be aware also, that by setting the umask for the Tomcat process, you are
> influencing the permissions of *any* file which Tomcat itself, or any
> Tomcat webapp would create.
>
>
>
>>
>>
>> -- Original --
>> From: "Caldarale, Charles R";
>> Date: Friday, August 5, 2016, 12:25 PM
>> To: "Tomcat Users List";
>> Subject: RE: tomat8.5 write logs with incorret os permission
>>
>>
>>
>> From: 韭菜 [mailto:jiu...@qq.com]
>>> Subject: tomat8.5 write logs with incorret os permission
>>>
>>
>> When using tomcat8.0, it starts and write logs as follows:
>>> (apache-tomcat-8.0.x) -rw-rw-r-- 1 app app 873710 Aug  4 20:08
>>> catalina.log
>>> When using tomcat8.5.x (include tomcat 9.0.x), it starts and write logs
>>> as follows:
>>> (apache-tomcat-8.5.4) -rw-r----- 1 app app 100824 Aug  4 20:10
>>> catalina.log
>>>
>>
>> A highly appropriate change, much needed to prevent untrusted users from
>> accessing private information in the log.
>>
>> So, tomcat8.5 caused other os users can not read its logs and webapps
>>> logs that deployed
>>> at tomcat8.5. the logs files should has permission 664, not 640.
>>>
>>
>> Definitely not a good idea.
>>
>> I thinks it is not good for java webapp devlopers ,  when my web app
>>> write logs as
>>> data log, the logs files can not rsync by other users and hosts.
>>>
>>
>> As it should be.
>>
>> but it works at tomcat7.0.x and tomcat8.0.x
>>>
>>
>> "Works" is your definition; any site interested at all in secure
>> operations would consider the old permissions to be dangerous and broken.
>>
>> So I asked users to require further support for tomcat8.x write log files
>>> feature.
>>>
>>
>> Definitely a bad idea to relax the default permissions back to where they
>> were.  If you want to expose your own system to abuse, you can set umask as
>> documented in the changelog.
>>
>>   - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e-mail and
>> its attachments from all computers.
>>
>>
>>
>>
>
>
>
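
The two log modes quoted in this thread and the directory-level restriction suggested in the reply above, as an added shell example that is not part of any message in the thread. The umask values 0002 and 0027 are the ones that yield modes 664 and 640 for a newly created file; the file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): how the umask of the process that
# starts Tomcat decides who can read newly created log files.

# mode_under_umask MASK: print the ls-style mode of a file created under MASK.
mode_under_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; : > "$d/catalina.log" )   # subshell keeps the caller's umask
    ls -l "$d/catalina.log" | cut -c1-10
    rm -rf "$d"
}

# world_readable FILE: succeed if users outside owner and group can read FILE.
# That needs o+r on the file and o+x on its directory. Only the immediate
# parent is checked here; a full audit would walk every ancestor directory.
world_readable() {
    fmode=$(ls -ld "$1" | cut -c1-10)
    dmode=$(ls -ld "$(dirname "$1")" | cut -c1-10)
    case "$fmode" in ???????r??) ;; *) return 1 ;; esac
    case "$dmode" in ?????????[xt]) return 0 ;; *) return 1 ;; esac
}

# audit_logs DIR: print the names of files in DIR that are world-readable.
audit_logs() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if world_readable "$f"; then basename "$f"; fi
    done
}

# Constructed sample: one log written under each umask, in a scratch directory.
make_sample() {
    logs=$(mktemp -d) || return 1
    ( umask 0002; : > "$logs/written-with-0002.log" )   # 664, the 8.0 listing
    ( umask 0027; : > "$logs/written-with-0027.log" )   # 640, the 8.5 listing
    echo "$logs"
}

echo "umask 0002 -> $(mode_under_umask 0002)"
echo "umask 0027 -> $(mode_under_umask 0027)"

logs=$(make_sample)
chmod 755 "$logs"; echo "dir 755: exposed -> $(audit_logs "$logs")"
chmod 750 "$logs"; echo "dir 750: exposed -> $(audit_logs "$logs")"
rm -rf "$logs"
```

With the directory at 750 even the 664 file is out of reach for other users, while a log-shipping account can still be given access through group membership without loosening the umask for every file Tomcat creates.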


Release Dates

2016-08-05 Thread Salvatore Bellassai
Hello,

I was hoping someone could tell me where Release Dates can be obtained for
Tomcat 7.0?

Thank you.

Salvatore "Trace" Bellassai
Security Technician, FoxGuard Solutions, Inc.
(O) (540) 382-4234 x222
sbellas...@foxguardsolutions.com
105 Industrial Drive, Christiansburg, VA 24073

www.FoxGuardSolutions.com
Cyber Security | Compliance | Industrial Computing





why does Rfc6265CookieProcessor throw an IllegalArgumentException when setting a cookie with a domain attribute starting with a . ?

2016-08-05 Thread Clemens Fuchs
Hi,
 
Why does Rfc6265CookieProcessor throw an IllegalArgumentException when setting 
a cookie with a domain attribute starting with a . ?
I didn't find anything in https://tools.ietf.org/html/rfc6265 about this and 
think the Rfc6265CookieProcessor might be too restrictive here.
 
thx,
Clemens




Re: tomat8.5 write logs with incorret os permission

2016-08-05 Thread tomcat

Hi.

On 05.08.2016 08:00, 韭菜 wrote:

>> Definitely a bad idea to relax the default permissions back to where they were.
>> If you want to expose your own system to abuse, you can set umask as
>> documented in the changelog.
>
> Is there a way to like config some param to force tomcat write logs in old way?
> And could you please give me a doc url about how set umask for tomcat run user?

You might want to start here :

http://lmgtfy.com/?q=linux+umask+command

Then, you may need to find out which command or shell script, *on your Linux system*, is
starting Tomcat, and insert the desired umask command there.

But please consider the remarks made previously by Chuck.
Logfiles may contain information which you do not want to disclose to other than a system
administrator.  By making these files widely readable, you weaken the security of your
whole server and perhaps much more.

Be aware also, that by setting the umask for the Tomcat process, you are influencing the
permissions of *any* file which Tomcat itself, or any Tomcat webapp would create.

> -- Original --
> From: "Caldarale, Charles R";
> Date: Friday, August 5, 2016, 12:25 PM
> To: "Tomcat Users List";
> Subject: RE: tomat8.5 write logs with incorret os permission
>
>> From: 韭菜 [mailto:jiu...@qq.com]
>> Subject: tomat8.5 write logs with incorret os permission
>
>> When using tomcat8.0, it starts and write logs as follows:
>> (apache-tomcat-8.0.x) -rw-rw-r-- 1 app app 873710 Aug  4 20:08 catalina.log
>> When using tomcat8.5.x (include tomcat 9.0.x), it starts and write logs as
>> follows:
>> (apache-tomcat-8.5.4) -rw-r----- 1 app app 100824 Aug  4 20:10 catalina.log
>
> A highly appropriate change, much needed to prevent untrusted users from
> accessing private information in the log.
>
>> So, tomcat8.5 caused other os users can not read its logs and webapps logs that
>> deployed
>> at tomcat8.5. the logs files should has permission 664, not 640.
>
> Definitely not a good idea.
>
>> I thinks it is not good for java webapp devlopers ,  when my web app write logs
>> as
>> data log, the logs files can not rsync by other users and hosts.
>
> As it should be.
>
>> but it works at tomcat7.0.x and tomcat8.0.x
>
> "Works" is your definition; any site interested at all in secure operations
> would consider the old permissions to be dangerous and broken.
>
>> So I asked users to require further support for tomcat8.x write log files
>> feature.
>
> Definitely a bad idea to relax the default permissions back to where they were.
> If you want to expose your own system to abuse, you can set umask as
> documented in the changelog.
>
>   - Chuck





Re:RE: tomat8.5 write logs with incorret os permission

2016-08-05 Thread 韭菜
> Definitely a bad idea to relax the default permissions back to where they 
> were.  If you want to expose your own system to abuse, you can set umask as 
> documented in the changelog.
Is there a way to like config some param to force tomcat write logs in old way?
And could you please give me a doc url about how set umask for tomcat run user?




-- Original --
From: "Caldarale, Charles R"; 
Date: Friday, August 5, 2016, 12:25 PM
To: "Tomcat Users List"; 
Subject: RE: tomat8.5 write logs with incorret os permission



> From: 韭菜 [mailto:jiu...@qq.com]
> Subject: tomat8.5 write logs with incorret os permission

> When using tomcat8.0, it starts and write logs as follows: 
> (apache-tomcat-8.0.x) -rw-rw-r-- 1 app app 873710 Aug  4 20:08 catalina.log  
> When using tomcat8.5.x (include tomcat 9.0.x), it starts and write logs as 
> follows: 
> (apache-tomcat-8.5.4) -rw-r----- 1 app app 100824 Aug  4 20:10 catalina.log

A highly appropriate change, much needed to prevent untrusted users from 
accessing private information in the log.

> So, tomcat8.5 caused other os users can not read its logs and webapps logs 
> that deployed 
> at tomcat8.5. the logs files should has permission 664, not 640.

Definitely not a good idea.

> I thinks it is not good for java webapp devlopers ,  when my web app write 
> logs as 
> data log, the logs files can not rsync by other users and hosts.

As it should be.

> but it works at tomcat7.0.x and tomcat8.0.x

"Works" is your definition; any site interested at all in secure operations 
would consider the old permissions to be dangerous and broken.

> So I asked users to require further support for tomcat8.x write log files 
> feature.

Definitely a bad idea to relax the default permissions back to where they were. 
 If you want to expose your own system to abuse, you can set umask as 
documented in the changelog.

 - Chuck

