in new code
In general, older software is better understood and less risky than
new software, and if it meets requirements, is preferable.
Paul Singleton
Note that the value of the useHttpOnly attribute for theContext element is
false in 6.0.x, but true in 7.0.x. Whether or not the attribute even
for all URLs and want to save on
bandwidth or something like that.
We found one, but if you are just using base empirically, to make
things work when you don't really understand relative paths, then
it's probably worth time spent figuring out how to manage without it.
Paul Singleton
HTTPS
app, on the optimistic assumption that no-one these days actually
types e.g.
https://my-secure-app.megacorp.com
just
my-secure-app.megacorp.com
Is this a really cheesy idea? have I missed something obvious?
Paul Singleton
to enable startup sequence to be
defined?
Paul Singleton
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
with Apache httpd + Tomcat?
Paul Singleton
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Bill Barker wrote:
Paul Singleton [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
If I set
Context cookies=false ...
will Tomcat ignore any JSESSIONID cookie which
accompanies a request? Should it?
With any of the released versions, it won't ignore the cookie if the browser
If I set
Context cookies=false ...
will Tomcat ignore any JSESSIONID cookie which
accompanies a request? Should it?
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL
then if you call response.sendError(404, ) when your
app decides the request isn't sensible, this page will
be used. I haven't tried this.
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e
-list)
error-page
error-code404/error-code
location/my_error_404.jsp/location
/error-page
then if you call response.sendError(404, ) when your
app decides the request isn't sensible, this page will
be used. I haven't tried this.
Paul Singleton
is_maximum wrote:
Hi experts,
I have a web application configured to be secured by ssl, the problem is at
some pages the browser displays a dialog box as a warning that says, this
page contains both secure and non-secure items do you want to display
non-secure items? and the user has two
]
--
Paul Singleton
Jambusters Ltd
tel: 01782 750821
fax: 08707 628609
VAT: 777 3904 85
Company no. 04150146
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
Jeff Hoffmann wrote:
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan,
Dan Armbrust wrote:
A simple cron job that points to a URL using lynx, and greps the
output for what it should see will do the trick...
I would use wget instead of Lynx, but that's just me.
Girish Havaldar wrote:
Hello
are there any text editor built in that assist us in formating input
data, like Subscripting, superscripting, making bold, etc. This editor we
need to embed in our jsp page.
'openWYSIWYG' and 'tinyMCE' are JavaScript
rich text editors embeddable in web pages
you can use a service at serversniff.de,
or download a desktop tool called SSLDigger from www.foundstone.com.
Paul Singleton
I tried setting SSLCipherSuite=SOME_CIPHER, to only allow a single cipher but
when a client connects it still uses whatever is the first cipher in the client's list
rather
been done? I really want a solution
which continues to behave like startup.bat regardless
of changes to the environment, Tomcat, server.xml etc.
(I won't always be there to sort things out)
Paul Singleton
-
To start a new topic
to use anyway (if
someone discovers a security vulnerability in jsvc tomorrow I shall
be smugly smiling) but realistically there's nothing in it and the
choice is yours...
Paul Singleton
--David
Faheem Mitha wrote:
Hi,
I can now get tomcat to run an ssl connector at port 8443 (Debian
default
BENTOUHAMI MB Malek (DCL) wrote:
Hi,
I meet a unsolvable problem (for me) :
14:54:27,221 ERROR [PoolTcpEndpoint] Le point de contact [SSL:
ServerSocket[addr=/0.0.0.0,port=0,localport=8443]] a ignoré l'exception:
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No
: can a web app discover its Service?
Paul Singleton wrote:
I want to deploy the same war into different (5.5)
Services (e.g. test and live), and want it to
discover where it is and behave differently.
Is there a Tomcat-specific way to do this?
JMX and MBeans come to mind.
Is there a container
Mikolaj Rydzewski wrote:
Paul Singleton wrote:
I want to deploy the same war into different (5.5)
Services (e.g. test and live), and want it to
discover where it is and behave differently.
Is there a Tomcat-specific way to do this?
JMX and MBeans come to mind.
Is there a container
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul,
Paul Singleton wrote:
I want to deploy the same war into different (5.5)
Services (e.g. test and live), and want it to
discover where it is and behave differently.
Is there a Tomcat-specific way to do
Bob Hall wrote:
--- Paul Singleton [EMAIL PROTECTED] wrote:
I want to deploy the same war into different
(5.5)
Services (e.g. test and live), and want it
to
discover where it is and behave differently.
I didn't explain *why* we want to do this, because I
don't want to spend time
I want to deploy the same war into different (5.5)
Services (e.g. test and live), and want it to
discover where it is and behave differently.
Is there a Tomcat-specific way to do this?
Is there a container-independent way of discovering
container-specific info like this?
Paul Singleton
Mikolaj Rydzewski wrote:
Paul Singleton wrote:
I want to deploy the same war into different (5.5)
Services (e.g. test and live), and want it to
discover where it is and behave differently.
Is there a Tomcat-specific way to do this?
JMX and MBeans come to mind.
Is there a container
to a telnet conversation, which could be tricky
or impossible.
Are you reinventing HTTP tunneling?
http://en.wikipedia.org/wiki/HTTP-Tunnel
Paul Singleton
Can you write a server inside a servlet ??
PK
At 06:46 2/28/2007, you wrote:
On Wed, 28 Feb 2007 12:36:03 +0100
Georg Sauer-Limbach [EMAIL
with alias 'netrequest' before replacing it?
Paul Singleton
For good measure (because I wasn't sure if I had to or not) I also added
them to my Java cacerts file on the pc that I'm going to use to remotely
connect to the Server...
OK, so my first test was to test that the certificate got installed
steps: first, reload the webapp; second, access a page in the
webapp.
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
,
Steffen
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
, you may find it easier and safer overall
to synchronise access to each session and continue to
code your sessions without worrying about concurrent
requests. Your users will never notice. Just don't
serialise *all* requests :-)
But this may not be what William is on about...
Paul Singleton
\CardiffCarshareWelsh2c
does not exist or is not a readable directory
where /webapps2/ was being interpreted as /webapps/2/ ?!?!
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL
.
That's (part of) my security posture...
Paul Singleton
PS if you know how to configure iptables to also
forward internal requests to localhost:8080 please
pass it on!
If this is true, then I say you have a very weak security posture.
Might I suggest you do some additional research
make requests to themselves at port 80, but have to
use 8080 or whatever.
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL
, but this is
probably good practice anyway, and all cookie-related
problems go away (and testing becomes easier: you can
have many independent sessions in Firefox tabs etc. :-)
Paul Singleton
-
To start a new topic, e-mail: users
then it is broken,
and if AOL don't set HTTP_X_FORWARDED_FOR then they are
guilty of Bad Practice (only those dodgy anonymising
services have a good reason to do that).
Paul Singleton
* or perhaps HTTP_CLIENT_IP
-
To start a new topic
proliferate keystores unless you
really have to...
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Lambda Probe is a free+easy way to get some
instrumentation
Propes, Barry L wrote:
I'm having some problems this morning with performance. How can I easily
determine if it's servlets, or Tomcat, as opposed to possibly the database
(Oracle) I'm using?
I've not had this problem before.
Barry
. But the second certificate just don't work because it gets the
first certificate not the second, so the domains don't match.
If it gets the first cert, then it must be using the first Connector,
which I guess is because, without address attributes, both are using
all addresses?
Paul Singleton
Any help
Jorge Isaac MartÃnez Hatch wrote:
SEVERE: Error starting endpoint
java.net.BindException: Cannot assign requested address: JVM_Bind:443
Probably the port is already in use, perhaps by a task left
over from your previous attempts. Can you reboot and try again?
Or do you have another web
in
these preferences.
cheers
Paul Singleton
Asad Habib wrote:
Hello. I am experiencing a problem trying to start Tomcat from Eclipse
using the Sysdeo Plugin.
The error I get is as follows:
Exception in thread main java.lang.NoClassDefFoundError:
org/apache/catalina/startup/Bootstrap
I am
Mark Thomas wrote:
Paul Singleton wrote:
(I am required to anonymiee a Tomcat 5.5 server from hackers
trying to discover its version etc.)
If I put this in conf/web.xml
error-page
error-code404/error-code
location/anon_error.jsp/location
/error-page
*and* put an anon_error.jsp in every
-in error page.
But where will Tomcat look for /anon_error.jsp when a
(page within a) nonexistent context is requested?
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 268.0.0/268 - Release Date: 23/Feb/2006
David Wall wrote:
...if the user accesses your site with
http://, the port 80 Connector (or 8080 if testing or using a
non-standard port) has a redirectPort element that causes Tomcat to
automatically issue a redirect using https://
Are you sure? I thought redirectPort was only
in Context to an absolute path to your app
regards
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.362 / Virus Database: 267.13.10/189 - Release Date: 30/Nov/2005
pages as out
of date, and recompile them as they are encountered?
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.362 / Virus Database: 267.13.7/182 - Release Date: 24/Nov/2005
I only use Tomcat standalone, and have no hunches about
your particular problem, but sometimes IE hides the
sordid details of error msgs and I find that Firefox
gives them to you straight; also there's a LiveHTTPHeaders
plugin which can be useful when troubleshooting?
good luck :-/
Paul
more simple, elegant way...
(before you're an expert you'll stop expecting this ;-)
e.g. an attribute to retain deployment on startup from explicit
contexts while suppressing implicit deployment from the appBase?
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti
/error-page
error-page
exception-typejava.io.IOException/exception-type
location/some/error/page.jsp/location
/error-page
and what error codes must I do this for? Is there a
compact way of specifying *all* codes?
Is it a bad idea to define a page for java.lang.Throwable?
Paul Singleton
; if you construct SQL
queries from text supplied by the user, they may be
able to inject commands to do things you don't want
them to be able to do
RTFM for various techniques for authorizing users
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version
-r-- 1 tomcat tomcat 439 Oct 2 20:01 tomcat-users.xml
Since it contains a plaintext password this is a security
risk.
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.12.4/143 - Release Date: 19/Oct/2005
their collections of
issued session ids via a database
I guess this isn't Tomcat-specific: the (next?) API could
do a little more to help you in these circumstances?
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.12.4/142
) appear to be compiled/h4
/body
/html
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.12.4/142 - Release Date: 18/Oct/2005
-
To unsubscribe, e-mail
50 matches
Mail list logo