Stafan,
On 2/13/20 14:56, Stefan Mayr wrote:
Hi Chris,
Am 13.02.2020 um 15:31 schrieb Christopher Schultz:
[snip]
The answer to the question "why change the default?" is: "because the
default was essentially insecure, in a way that wasn't obvious to
someone who wasn't paying close attention."
On 13/02/2020 19:56, Stefan Mayr wrote:
> Hi Chris,
>
> Am 13.02.2020 um 15:31 schrieb Christopher Schultz:
>> [snip]
>> The answer to the question "why change the default?" is: "because the
>> default was essentially insecure, in a way that wasn't obvious to
>> someone who wasn't paying close
Hi Chris,
Am 13.02.2020 um 15:31 schrieb Christopher Schultz:
> [snip]
> The answer to the question "why change the default?" is: "because the
> default was essentially insecure, in a way that wasn't obvious to
> someone who wasn't paying close attention."
>
> So we are forcing users to pay
On 13/02/2020 15:31, Christopher Schultz wrote:
My question would be "why do so many have AJP connectors where no
'address' attribute was specifically configured?"
The answer to the question "why change the default?" is: "because the
default was essentially insecure, in a way that wasn't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Peter,
On 2/13/20 5:05 AM, logo wrote:
>
>
> Am 2020-02-13 10:57, schrieb Olivier Jaquemet:
>> On 13/02/2020 10:32, Rémy Maucherat wrote:
>>> On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote:
On 13/02/2020 01:02, Stefan Mayr wrote:
From: Mark Thomas mailto:ma...@apache.org>>
Date: Thursday, Feb 13, 2020, 7:38 AM
To: users@tomcat.apache.org
mailto:users@tomcat.apache.org>>
Subject: Re: [ANN] Apache Tomcat 9.0.31 available
On 13/02/2020 12:42, jonmcalexan...@wellsfargo.com.INVALID wrote:
> Can you sti
On 13/02/2020 12:42, jonmcalexan...@wellsfargo.com.INVALID wrote:
> Can you still use a shared secret, if desired, while “
> You can specify "0.0.0.0" (IPv4) or "::" (IPv6) to restore the behaviour
> of listening on any address
> “
Yes.
Use (or not) of a secret is independent of the listening
From: Mark Thomas mailto:ma...@apache.org>>
Date: Thursday, Feb 13, 2020, 5:41 AM
To: users@tomcat.apache.org
mailto:users@tomcat.apache.org>>
Subject: Re: [ANN] Apache Tomcat 9.0.31 available
On 13/02/2020 09:57, Olivier Jaquemet wrote:
> On 13/02/2020 10:32, Rémy Maucherat w
On 13/02/2020 12:04, Olivier Jaquemet wrote:
>
> On 13/02/2020 12:41, Mark Thomas wrote:
>> On 13/02/2020 09:57, Olivier Jaquemet wrote:
>>> I understand the need to introduce a "secured by default" AJP
>>> configuration.
>>> However, I question one choice that was made for this change : the
>>>
On Thu, Feb 13, 2020 at 1:04 PM Olivier Jaquemet <
olivier.jaque...@jalios.com> wrote:
>
> On 13/02/2020 12:41, Mark Thomas wrote:
> > On 13/02/2020 09:57, Olivier Jaquemet wrote:
> >> I understand the need to introduce a "secured by default" AJP
> >> configuration.
> >> However, I question one
On 13/02/2020 12:41, Mark Thomas wrote:
On 13/02/2020 09:57, Olivier Jaquemet wrote:
I understand the need to introduce a "secured by default" AJP
configuration.
However, I question one choice that was made for this change : the
default behavior of the AJP connector to listen only on the
On 13/02/2020 09:57, Olivier Jaquemet wrote:
> On 13/02/2020 10:32, Rémy Maucherat wrote:
>> On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote:
>>> On 13/02/2020 01:02, Stefan Mayr wrote:
> - AJP defaults changed to listen the loopback address, require a
> secret
> and to be
On 13.02.2020 11:05, logo wrote:
Am 2020-02-13 10:57, schrieb Olivier Jaquemet:
On 13/02/2020 10:32, Rémy Maucherat wrote:
On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote:
On 13/02/2020 01:02, Stefan Mayr wrote:
- AJP defaults changed to listen the loopback address, require a
Am 2020-02-13 10:57, schrieb Olivier Jaquemet:
On 13/02/2020 10:32, Rémy Maucherat wrote:
On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote:
On 13/02/2020 01:02, Stefan Mayr wrote:
- AJP defaults changed to listen the loopback address, require a
secret
and to be disabled in the
On 13/02/2020 10:32, Rémy Maucherat wrote:
On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote:
On 13/02/2020 01:02, Stefan Mayr wrote:
- AJP defaults changed to listen the loopback address, require a secret
and to be disabled in the sample server.xml
[snip]
Am I correct ? Why such a
On 2020/02/13 18:32, Rémy Maucherat wrote:
It is obviously best to keep default configurations as stable as possible.
But sometimes things have to change ... As a result, you'll indeed need to
adjust your server.xml according to your deployment and AJP usage.
The documentation for the new
On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet <
olivier.jaque...@jalios.com> wrote:
> On 13/02/2020 01:02, Stefan Mayr wrote:
> > Hi,
> >
> >> - AJP defaults changed to listen the loopback address, require a secret
> >>and to be disabled in the sample server.xml
> > What was the motivation
On 13/02/2020 01:02, Stefan Mayr wrote:
Hi,
- AJP defaults changed to listen the loopback address, require a secret
and to be disabled in the sample server.xml
What was the motivation behind this breaking change to require a secret
or to explitly disable it? What makes an open AJP
Hi,
> - AJP defaults changed to listen the loopback address, require a secret
> and to be disabled in the sample server.xml
What was the motivation behind this breaking change to require a secret
or to explitly disable it? What makes an open AJP connector more unsafe
than an open HTTP
19 matches
Mail list logo