tomcat question
ALL,

Is it possible to remove an installation of a compiler on a production web server (tomcat)? Is there a way to remove the compiler, or is it required in order for the system to function properly? Could you please send me a precise summary of why and any steps that can be taken to mitigate any potential risk associated with the compiler remaining in place. This is for a security issue on my production system.

Thanks for your time and support!

Maxie Wiley III
RE: Thread related MBean questions
All,

Is it possible to remove an installation of a compiler on a production web server (tomcat)? Is there a way to remove the compiler, or is it required in order for the system to function properly? Could you please send me a precise summary of why and any steps that can be taken to mitigate any potential risk associated with the compiler remaining in place. This is for a security issue on my production system.

My email is: maxie.wi...@serco-na.com

Thanks for your time and support!

Maxie Wiley III, Serco Inc

-Original Message-
From: Shanti Suresh [mailto:sha...@umich.edu]
Sent: Monday, October 22, 2012 9:17 AM
To: Tomcat Users List
Subject: Re: Thread related MBean questions

Hi Pid,

Which MBean are you reading that on?

Name: java.lang:type=Threading
modelerType: sun.management.ThreadImpl
ThreadAllocatedMemoryEnabled: true
ThreadAllocatedMemorySupported: true
ThreadContentionMonitoringEnabled: false
DaemonThreadCount: 84
...

Tomcat has lots of MBeans and more than one way to create a thread pool. The JVM has threads and can contain multiple thread pools.

Yes, for sure. Thanks.

Yes, as of Tomcat 6.0.x, without an Executor the Connectors will have a pool each, and this will not decrease in size when idle.

Thanks for confirming. I will put an Executor pool in place.

-Shanti

- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat question
Hello Andre,

Is it possible to remove an installation of a compiler on a production web server (tomcat)? How can/where can I find out more information on this issue?

Thanks

-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Monday, October 22, 2012 9:22 AM
To: Tomcat Users List
Subject: Re: tomcat question

Wiley, Maxie wrote:

ALL, Is it possible to remove an installation of a compiler on a production web server (tomcat)? Is there a way to remove the compiler, or is it required in order for the system to function properly? Could you please send me a precise summary of why and any steps that can be taken to mitigate any potential risk associated with the compiler remaining in place. This is for a security issue on my production system.

Certainly. As soon as you tell us how much you are willing to pay for such a comprehensive analysis and report.
RE: tomcat question
Remove the tomcat compiler?

-Original Message-
From: Jose María Zaragoza [mailto:demablo...@gmail.com]
Sent: Monday, October 22, 2012 9:25 AM
To: Tomcat Users List
Subject: Re: tomcat question

2012/10/22 André Warnier a...@ice-sa.com:

Wiley, Maxie wrote:

Is it possible to remove an installation of a compiler on a production web server (tomcat)?

Jasper?
RE: tomcat question
Steve,

Thank you...!! I have been, but I needed another voice... thank you .. thank you and Thank You. Enjoy the day!

-Original Message-
From: Adamus, Steven J. [mailto:steven.j.ada...@saic.com]
Sent: Monday, October 22, 2012 2:47 PM
To: Tomcat Users List; users-subscr...@tomcat.apache.org
Subject: RE: tomcat question

Maxie,

You're probably referring to a DoD or similar security requirement. In the Web Server STIG, Rule ID SV-2236r8 says, "Installation of compilers on production web server is prohibited." The explanation provided is, "The presence of a compiler on a production server facilitates the malicious user's task of creating custom versions of programs and installing Trojan Horses or viruses. For example, the attacker's code can be uploaded and compiled on the server under attack."

There are exceptions to this rule. The same STIG says, "This check does not prohibit the use of the .Net Framework or the Java compiler for Oracle," and "An exception is the Java Development Kit installed in conjunction with a WebSphere service or Java Server Page (JSP)."

You need to push back and tell your Security Auditors that the Java and Jasper compilers are required for Tomcat. Provide any documentation they require.

Steve

-Original Message-
From: users-return-237320-STEVEN.J.ADAMUS=saic@tomcat.apache.org [mailto:users-return-237320-STEVEN.J.ADAMUS=saic@tomcat.apache.org] On Behalf Of Wiley, Maxie
Sent: Monday, October 22, 2012 6:18 AM
To: users-subscr...@tomcat.apache.org; users@tomcat.apache.org
Subject: tomcat question

ALL,

Is it possible to remove an installation of a compiler on a production web server (tomcat)? Is there a way to remove the compiler, or is it required in order for the system to function properly? Could you please send me a precise summary of why and any steps that can be taken to mitigate any potential risk associated with the compiler remaining in place. This is for a security issue on my production system.

Thanks for your time and support!
Maxie Wiley III