yoavs       2004/11/10 10:37:05

  Modified:    docs/faq fda-validation.html security.html
               docs/faq/printer security.html
               xdocs-faq fda-validation.xml security.xml
  Added:       docs/faq/printer fda-validation.html
  Log:
  Added security links and security overview.
  
  Revision  Changes    Path
  1.3       +13 -0     jakarta-tomcat-site/docs/faq/fda-validation.html
  
  Index: fda-validation.html
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-site/docs/faq/fda-validation.html,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- fda-validation.html       10 Nov 2004 18:03:44 -0000      1.2
  +++ fda-validation.html       10 Nov 2004 18:37:04 -0000      1.3
  @@ -30,6 +30,7 @@
       <li><a href="#supportAroundValidation">What kind of support is there 
around validating Tomcat?</a></li>
       <li><a href="#signedReleases">How do I know I have a validated release?  
How do I
           know no one has tampered with the release package?</a></li>
  +    <li><a href="#security">What about security? I'm concerned about 
attacks.</a></li>
     </ul>
   </p>
   </blockquote></td></tr></table><table cellpadding="2" cellspacing="0" 
border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" 
color="#ffffff"><a 
name="Answers"><strong>Answers</strong></a></font></td></tr><tr><td><blockquote>
  @@ -150,6 +151,18 @@
         same as that published in the Apache download pages.  That way, users
         are assured the distribution has not been modified since the Release 
Manager
         signed it.
  +    </p>
  +  </div><br>
  +
  +  <b style="font-size: larger">
  +    <a name="security"> 
  +      What about security?  I'm concerned about attacks.
  +    </a>
  +  </b>
  +  <div style="padding-left : 20px;">
  +    <p>
  +      There's no need to be.  See the <a href="security.html">security 
page</a> of
  +      this FAQ for more information.
       </p>
     </div><br>
   </blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td 
colspan="2"><hr size="1" noshade=""></td></tr><!--PAGE FOOTER--><tr><td 
colspan="2"><div align="center"><font size="-1" color="#525D76"><em>
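Review bot: The context this hunk extends overstates what the MD5 digest proves. "That way, users are assured the distribution has not been modified since the Release Manager signed it" follows the MD5 paragraph, but a digest published on the same download page as the archive only catches accidental corruption: whoever could replace the archive could replace the digest beside it. The assurance that nothing changed since the Release Manager signed it comes from checking the PGP signature described in the preceding paragraph. Since the new security answer is being added right after this text on a validation FAQ, consider attributing that sentence to the signature check and presenting the digest as a quick integrity check only.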
  
  
  
  1.15      +49 -0     jakarta-tomcat-site/docs/faq/security.html
  
  Index: security.html
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-site/docs/faq/security.html,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- security.html     10 Nov 2004 17:52:15 -0000      1.14
  +++ security.html     10 Nov 2004 18:37:05 -0000      1.15
  @@ -7,7 +7,39 @@
                       </a></small></td></tr></table><table cellpadding="2" 
cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font 
face="arial,helvetica.sanserif" color="#ffffff"><a 
name="Preface"><strong>Preface</strong></a></font></td></tr><tr><td><blockquote>
   <p>
       This FAQ section provides help with some security-related issues.
  +    If you hear of a vulnerability or its exploitation, please let us know
  +    on the user <a href="http://jakarta.apache.org/site/mail2.html#Tomcat";>
  +    mailing lists.</a>
   </p>
  +
  +<table cellpadding="2" cellspacing="0" border="0"><tr><td 
bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a 
name="The Record"><strong>The 
Record</strong></a></font></td></tr><tr><td><blockquote>
  +<p>
  +  Tomcat's security record is impeccable.  There have been no public
  +  cases of damage done to a company, organization, or individual due
  +  to a Tomcat security issue.  There have been no documented cases
  +  of data loss or application crashes caused by an intruder.  While
  +  there have been numerous analyses conducted on Tomcat, partially
  +  because this is easy to do with Tomcat's source code openly available,
  +  there have been only a few <strong>theoretical</strong> vulnerabilities
  +  found.  All of those were addressed rapidly even though there were no
  +  documented cases of actual exploitation of these vulnerabilities.  
  +</p>
  +</blockquote></td></tr></table>
  +
  +<table cellpadding="2" cellspacing="0" border="0"><tr><td 
bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a 
name="Role of Customization"><strong>Role of 
Customization</strong></a></font></td></tr><tr><td><blockquote>
  +<p>
  +  We believe, and the evidence suggests, that Tomcat is more than secure
  +  enough for most use-cases.  However, like all other components of Tomcat,
  +  you can customize any and all of the relevant parts of the server to
  +  achieve even higher security.  For example, the session manager 
implementation
  +  is pluggable, and even the default implementation has support for pluggable
  +  random number generators.  If you have a special need that you feel is not
  +  met by Tomcat out of the box, consider these customization options.  At the
  +  same time, please bring up your requirements on the user mailing list, 
where
  +  we'll be glad to discuss it and assist in your 
approach/design/implementation
  +  as needed.
  +</p>
  +</blockquote></td></tr></table>
   </blockquote></td></tr></table><table cellpadding="2" cellspacing="0" 
border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" 
color="#ffffff"><a 
name="Questions"><strong>Questions</strong></a></font></td></tr><tr><td><blockquote>
     <ul>
        <li>
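Review bot: The generated anchors `<a name="The Record">` and `<a name="Role of Customization">` contain spaces, so they cannot be targeted by a plain `#fragment` link the way the Questions list below targets `#analyses`; if these subsections are meant to be linkable, derive a space-free anchor (for example from the subsection name with spaces removed) in the stylesheet or give them shorter names in the xdocs source.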
  @@ -53,6 +85,12 @@
          </a>
        </li>
   
  +     <li>
  +       <a href="#analyses">
  +         Has Tomcat's security been independently analyzed or audited?
  +       </a>
  +     </li>
  +
     </ul>
   
   </blockquote></td></tr></table><table cellpadding="2" cellspacing="0" 
border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" 
color="#ffffff"><a 
name="Answers"><strong>Answers</strong></a></font></td></tr><tr><td><blockquote>
  @@ -156,6 +194,17 @@
      <a 
href="http://marc.theaimsgroup.com/?l=tomcat-user&m=108566020231438&w=2";>
        this mailing list post
      </a> for a complete setup example with permissions etc.
  +  </div><br>
  +
  +  <b style="font-size: larger">
  +    <a name="analyses">
  +      Has Tomcat's security been independently analyzed or audited?
  +    </a>
  +  </b>
  +  <div style="padding-left : 20px;">
  +    Yes, by numerous organizations and individuals, many times.  Try
  +    <a 
href="http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=is+tomcat+secure";>
  +    this Google search</a> and you'll see many references, guides, and 
analyses.
     </div><br>
   
   </blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td 
colspan="2"><hr size="1" noshade=""></td></tr><!--PAGE FOOTER--><tr><td 
colspan="2"><div align="center"><font size="-1" color="#525D76"><em>
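Review bot: The generated href contains unescaped `&` (`...navclient&ie=UTF-8&q=is+tomcat+secure`) where the xdocs source writes `&amp;`; browsers recover because `&ie` and `&q` are not entity names, but the attribute is invalid HTML. The marc.theaimsgroup.com link in the context lines above has the same form, so this predates the change and points at the generator unescaping attribute values rather than at this commit.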
  
  
  
  1.11      +49 -0     jakarta-tomcat-site/docs/faq/printer/security.html
  
  Index: security.html
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-site/docs/faq/printer/security.html,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- security.html     10 Nov 2004 17:52:17 -0000      1.10
  +++ security.html     10 Nov 2004 18:37:05 -0000      1.11
  @@ -6,7 +6,39 @@
       " align="right" src="../../images/tomcat.gif"></a></td></tr><!--HEADER 
SEPARATOR--><tr><td colspan="2"><hr size="1" noshade=""></td></tr><tr><!--RIGHT 
SIDE MAIN BODY--><td align="left" valign="top" width="80%"><table 
cellspacing="4" width="100%" border="0"><tr><td nowrap="true" valign="top" 
align="left"><h1>Tomcat FAQ</h1><h2>Security</h2></td><td nowrap="true" 
valign="top" align="right"><img border="0" hspace="0" vspace="0" height="1" 
width="1" src="../../images/void.gif"></td></tr></table><table cellpadding="2" 
cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font 
face="arial,helvetica.sanserif" color="#ffffff"><a 
name="Preface"><strong>Preface</strong></a></font></td></tr><tr><td><blockquote>
   <p>
       This FAQ section provides help with some security-related issues.
  +    If you hear of a vulnerability or its exploitation, please let us know
  +    on the user <a href="http://jakarta.apache.org/site/mail2.html#Tomcat";>
  +    mailing lists.</a>
   </p>
  +
  +<table cellpadding="2" cellspacing="0" border="0"><tr><td 
bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a 
name="The Record"><strong>The 
Record</strong></a></font></td></tr><tr><td><blockquote>
  +<p>
  +  Tomcat's security record is impeccable.  There have been no public
  +  cases of damage done to a company, organization, or individual due
  +  to a Tomcat security issue.  There have been no documented cases
  +  of data loss or application crashes caused by an intruder.  While
  +  there have been numerous analyses conducted on Tomcat, partially
  +  because this is easy to do with Tomcat's source code openly available,
  +  there have been only a few <strong>theoretical</strong> vulnerabilities
  +  found.  All of those were addressed rapidly even though there were no
  +  documented cases of actual exploitation of these vulnerabilities.  
  +</p>
  +</blockquote></td></tr></table>
  +
  +<table cellpadding="2" cellspacing="0" border="0"><tr><td 
bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a 
name="Role of Customization"><strong>Role of 
Customization</strong></a></font></td></tr><tr><td><blockquote>
  +<p>
  +  We believe, and the evidence suggests, that Tomcat is more than secure
  +  enough for most use-cases.  However, like all other components of Tomcat,
  +  you can customize any and all of the relevant parts of the server to
  +  achieve even higher security.  For example, the session manager 
implementation
  +  is pluggable, and even the default implementation has support for pluggable
  +  random number generators.  If you have a special need that you feel is not
  +  met by Tomcat out of the box, consider these customization options.  At the
  +  same time, please bring up your requirements on the user mailing list, 
where
  +  we'll be glad to discuss it and assist in your 
approach/design/implementation
  +  as needed.
  +</p>
  +</blockquote></td></tr></table>
   </blockquote></td></tr></table><table cellpadding="2" cellspacing="0" 
border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" 
color="#ffffff"><a 
name="Questions"><strong>Questions</strong></a></font></td></tr><tr><td><blockquote>
     <ul>
        <li>
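Review bot: This is the printer-friendly copy of docs/faq/security.html with identical additions (the hunk is offset by one line), both generated from xdocs-faq/security.xml; nothing to review separately beyond confirming the two were regenerated together rather than hand-copied, since the space-containing anchors `The Record` and `Role of Customization` and the unescaped `&` in the search link appear here verbatim as well.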
  @@ -52,6 +84,12 @@
          </a>
        </li>
   
  +     <li>
  +       <a href="#analyses">
  +         Has Tomcat's security been independently analyzed or audited?
  +       </a>
  +     </li>
  +
     </ul>
   
   </blockquote></td></tr></table><table cellpadding="2" cellspacing="0" 
border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" 
color="#ffffff"><a 
name="Answers"><strong>Answers</strong></a></font></td></tr><tr><td><blockquote>
  @@ -155,6 +193,17 @@
      <a 
href="http://marc.theaimsgroup.com/?l=tomcat-user&m=108566020231438&w=2";>
        this mailing list post
      </a> for a complete setup example with permissions etc.
  +  </div><br>
  +
  +  <b style="font-size: larger">
  +    <a name="analyses">
  +      Has Tomcat's security been independently analyzed or audited?
  +    </a>
  +  </b>
  +  <div style="padding-left : 20px;">
  +    Yes, by numerous organizations and individuals, many times.  Try
  +    <a 
href="http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=is+tomcat+secure";>
  +    this Google search</a> and you'll see many references, guides, and 
analyses.
     </div><br>
   
   </blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td 
colspan="2"><hr size="1" noshade=""></td></tr><!--PAGE FOOTER--><tr><td 
colspan="2"><div align="center"><font size="-1" color="#525D76"><em>
  
  
  
  1.1                  jakarta-tomcat-site/docs/faq/printer/fda-validation.html
  
  Index: fda-validation.html
  ===================================================================
  <html><head><META http-equiv="Content-Type" content="text/html; 
charset=iso-8859-1"><title>Tomcat FAQ - FDA (21 CFR Part 11) 
Validation</title><meta value="Yoav Shapira" name="author"><meta value="[EMAIL 
PROTECTED]" name="email"><style>
        dt { font-size : larger;  font-weight : bold }
        dd {padding-bottom : 10px;}
      </style></head><body vlink="#525D76" alink="#525D76" link="#525D76" 
text="#000000" bgcolor="#ffffff"><table cellspacing="4" width="100%" 
border="0"><!--PAGE HEADER--><tr><td colspan="2"><!--JAKARTA LOGO--><a 
href="http://jakarta.apache.org/";><img border="0" alt="The Jakarta Project" 
align="left" 
src="http://jakarta.apache.org//images/jakarta-logo.gif";></a><!--PROJECT 
LOGO--><a href="http://jakarta.apache.org/tomcat/";><img border="0" alt="
        Tomcat FAQ
      " align="right" src="../../images/tomcat.gif"></a></td></tr><!--HEADER 
SEPARATOR--><tr><td colspan="2"><hr size="1" noshade=""></td></tr><tr><!--RIGHT 
SIDE MAIN BODY--><td align="left" valign="top" width="80%"><table 
cellspacing="4" width="100%" border="0"><tr><td nowrap="true" valign="top" 
align="left"><h1>Tomcat FAQ</h1><h2>FDA (21 CFR Part 11) 
Validation</h2></td><td nowrap="true" valign="top" align="right"><img 
border="0" hspace="0" vspace="0" height="1" width="1" 
src="../../images/void.gif"></td></tr></table><table cellpadding="2" 
cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font 
face="arial,helvetica.sanserif" color="#ffffff"><a 
name="Preface"><strong>Preface</strong></a></font></td></tr><tr><td><blockquote>
    <p>
      This page discusses using Tomcat in an 
      <a href="http://www.fda.gov";>FDA</a>
      <a href="http://www.fda.gov/cdrh/comp/guidance/938.html";>
      validated</a> environment,
      i.e. one where 
      <a href="http://www.21cfrpart11.com/";>
      21 CFR Part 11</a> regulations apply.
    </p>
    <p> 
      Please note that although this page mentions specific companies, we do 
not explicitly
      endorse or sell anyone's services.  Tomcat and Apache are not-for-profit 
organizations.
      This page is also far from a complete listing of vendors and support 
options.  It is
      meant as a demonstration showing that these options do exist and 
      that running Tomcat in a validated environment is both feasible and 
reasonable.
    </p>
  </blockquote></td></tr></table><table cellpadding="2" cellspacing="0" 
border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" 
color="#ffffff"><a 
name="Questions"><strong>Questions</strong></a></font></td></tr><tr><td><blockquote>
  <p>
    <ul>
      <li><a href="#canItBeDone">Can Tomcat be used in a validated 
environment?</a></li>
      <li><a href="#hasAnyoneDoneIt">Has anyone actually done it?</a></li>
      <li><a href="#isTomcatItselfValidated">Is Tomcat itself 
validated?</a></li>
      <li><a href="#supportAroundValidation">What kind of support is there 
around validating Tomcat?</a></li>
      <li><a href="#signedReleases">How do I know I have a validated release?  
How do I
          know no one has tampered with the release package?</a></li>
      <li><a href="#security">What about security? I'm concerned about 
attacks.</a></li>
    </ul>
  </p>
  </blockquote></td></tr></table><table cellpadding="2" cellspacing="0" 
border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" 
color="#ffffff"><a 
name="Answers"><strong>Answers</strong></a></font></td></tr><tr><td><blockquote>
  
    <b style="font-size: larger">
      <a name="canItBeDone">
        Can Tomcat be used in a validated environment?
      </a>
    </b>
    <div style="padding-left : 20px;">
      <p>
      Yes.  There's nothing in Tomcat's design or implementation that prevent it
      from being used in a validated environment.  The same validation 
procedures
      and guidelines that apply to most software packages apply to Tomcat as 
well.
      Being an open-source application does not preclude Tomcat validation.  In 
fact,
      it helps in at least one key aspect: the source code itself can be 
audited, as
      can the commit and change logs for the software.
      </p>
    </div><br>
  
    <b style="font-size: larger">
      <a name="hasAnyoneDoneIt">
        Has anyone actually done it?
      </a>
    </b>
    <div style="padding-left : 20px;">
      <p>
      Yes.  As shown in this user mailing list
      <a 
href="http://marc.theaimsgroup.com/?l=tomcat-user&m=109836874319797&w=2";>archive</a>,
      Merck and other large companies are using Tomcat in a validated 
environment.  In addition,
      there is at least one application provider
      (<a href="http://www.interchangedigital.com";>Interchange Digital</a>)
      whose application runs on Tomcat that has deployed said package in 
numerous pharma data
      centers.
      </p>
    </div><br>
  
    <b style="font-size: larger">
      <a name="isTomcatItselfValidated">
        Is Tomcat itself validated?
      </a>
    </b>
    <div style="padding-left : 20px;">
      <p>
      Yes.  Tomcat itself is validated to the extent it can be.  Tomcat 
implements two
      Java Specifications: the 
      <a href="http://java.sun.com/products/servlet";>Servlet Specification</a>
      and the
      <a href="http://java.sun.com/products/jsp";>Java Server Pages (JSP) 
Specification</a>.
      Each of these specifications has a Technology Compatbility Kit (TCK), 
which is a collection
      of tests to certify a given product meets the Specification fully and 
accurately.
      </p>
      <p>
      The <a href="http://www.apache.org";>Apache Software Foundation</a> is 
licensed to run
      these TCKs.  They are run against every single Tomcat release.  
<strong>No Tomcat release is
      pronounced stable unless it has passed both of these TCKs with 100% 
compliance.</strong>
      Therefore, every stable Tomcat release is validated to the extent of 
Tomcat's core functionality.
      </p>
      <p>
      Furthermore, any company of individual may 
      <a href="http://java.sun.com/scholarship/";>apply</a> to obtains and use 
these
      TCKs themselves.  That way, you can re-validated Tomcat including any 
custom patches
      you have implemented.
      </p>
      <p>
      However, we cannot validate your application's use of Tomcat.  You're on 
your own there.
      </p>
    </div><br>
  
    <b style="font-size: larger">
      <a name="supportAroundValidation">
        What kind of support is there around validating Tomcat?
      </a>
    </b>
    <div style="padding-left : 20px;">
      <p>
      Several kinds.  They include:
      <ul>
        <li>There are numerous <a 
href="http://jakarta.apache.org/site/vendors.html";>smaller vendors</a>
            and several large ones, including IBM, HP, Sun, and Novell, who 
offer Tomcat consulting and support
            services, including application auditing, environment assessments, 
and risk analysis.</li>
        <li>There are numerous vendors in addition to the above consultants, 
            like 
            <a href="http://www.covalent.net/";>Covalent</a> and 
            <a href="http://www.jboss.org/services/prodsupport";>JBoss</a>, 
            who offer 24/7/365 enterprise-level support for Tomcat.</li>
        <li>The Tomcat <a 
href="http://jakarta.apache.org/site/mail2.html#Tomcat";>mailing lists</a> are
            extremely active and contain members of many of the above 
organizations, including contractors
            available for hire.</li>
      </ul>
      </p>
    </div><br>
  
    <b style="font-size: larger">
      <a name="signedReleases">
        How do I know I have a validated release?  How do I know no one
        has tampered with the release package?
      </a>
    </b>
    <div style="padding-left : 20px;">
      <p>
        All Tomcat releases are signed using the Release Manager's
        <a href="http://www.pgpi.org/doc/pgpintro";>PGP</a> key.  The key
        is also available in the <i>KEYS</i> file that ships with every
        Tomcat release.  The same <i>KEYS</i> file is also available in the
        Tomcat CVS repository 
        (<a 
href="http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-5/KEYS";>here</a>).
        The PGP signatures are available on all the Tomcat download pages, 
        and can (and should!) be used to verify the release really is the
        signed distribution.
      </p>
      <p>
        As for tampering: every Tomcat release is also digested using the MD5
        algorithm as specified in 
        <a href="http://www.faqs.org/rfcs/rfc1321.html";>RFC1321</a>.  The MD5
        digest is included in all the download pages.  Users run MD5 on their
        local machine to verify that the digest of what they downlaoded is the
        same as that published in the Apache download pages.  That way, users
        are assured the distribution has not been modified since the Release 
Manager
        signed it.
      </p>
    </div><br>
  
    <b style="font-size: larger">
      <a name="security"> 
        What about security?  I'm concerned about attacks.
      </a>
    </b>
    <div style="padding-left : 20px;">
      <p>
        There's no need to be.  See the <a href="security.html">security 
page</a> of
        this FAQ for more information.
      </p>
    </div><br>
  </blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td 
colspan="2"><hr size="1" noshade=""></td></tr><!--PAGE FOOTER--><tr><td 
colspan="2"><div align="center"><font size="-1" color="#525D76"><em>
          Copyright &copy; 1999-2003, Apache Software Foundation
          </em></font></div></td></tr></table></body></html>
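Review bot: Several typos in the new printer page should be fixed in the xdocs source and regenerated: "that prevent it" (prevents it), "Compatbility" (Compatibility), "any company of individual" (or individual), "to obtains and use" (obtain), "re-validated Tomcat" (re-validate), and "downlaoded" (downloaded). The footer reads "Copyright &copy; 1999-2003" on a page added in November 2004, so the page template's year is stale. Also, "Tomcat itself is validated to the extent it can be" uses "validated" in the TCK-compliance sense while the page title uses it in the 21 CFR Part 11 sense; one sentence distinguishing the two would stop readers from taking TCK compliance as regulatory validation, which the last paragraph of that answer ("we cannot validate your application's use of Tomcat") already hints at.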
  
  
  1.3       +13 -0     jakarta-tomcat-site/xdocs-faq/fda-validation.xml
  
  Index: fda-validation.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-site/xdocs-faq/fda-validation.xml,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- fda-validation.xml        10 Nov 2004 18:03:44 -0000      1.2
  +++ fda-validation.xml        10 Nov 2004 18:37:05 -0000      1.3
  @@ -42,6 +42,7 @@
       <li><a href="#supportAroundValidation">What kind of support is there 
around validating Tomcat?</a></li>
       <li><a href="#signedReleases">How do I know I have a validated release?  
How do I
           know no one has tampered with the release package?</a></li>
  +    <li><a href="#security">What about security? I'm concerned about 
attacks.</a></li>
     </ul>
   </p>
   </section>
  @@ -165,6 +166,18 @@
         same as that published in the Apache download pages.  That way, users
         are assured the distribution has not been modified since the Release 
Manager
         signed it.
  +    </p>
  +  </answer>
  +
  +  <question>
  +    <a name="security"> 
  +      What about security?  I'm concerned about attacks.
  +    </a>
  +  </question>
  +  <answer>
  +    <p>
  +      There's no need to be.  See the <a href="security.html">security 
page</a> of
  +      this FAQ for more information.
       </p>
     </answer>
   </section>
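Review bot: "There's no need to be" dismisses the reader's concern instead of answering it, which reads poorly on a regulatory validation page where the reader has to document risk rather than take reassurance on trust. Answer factually, for example: "See the security page of this FAQ for Tomcat's security record, how to report a vulnerability, and the parts of the server you can customize for stricter requirements." Since docs/faq/fda-validation.html and docs/faq/printer/fda-validation.html in this commit are generated from this file, make the wording change here and regenerate.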
  
  
  
  1.8       +49 -0     jakarta-tomcat-site/xdocs-faq/security.xml
  
  Index: security.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-site/xdocs-faq/security.xml,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- security.xml      27 May 2004 13:18:54 -0000      1.7
  +++ security.xml      10 Nov 2004 18:37:05 -0000      1.8
  @@ -18,7 +18,39 @@
   <section name="Preface">
   <p>
       This FAQ section provides help with some security-related issues.
  +    If you hear of a vulnerability or its exploitation, please let us know
  +    on the user <a href="http://jakarta.apache.org/site/mail2.html#Tomcat";>
  +    mailing lists.</a>
   </p>
  +
  +<subsection name="The Record">
  +<p>
  +  Tomcat's security record is impeccable.  There have been no public
  +  cases of damage done to a company, organization, or individual due
  +  to a Tomcat security issue.  There have been no documented cases
  +  of data loss or application crashes caused by an intruder.  While
  +  there have been numerous analyses conducted on Tomcat, partially
  +  because this is easy to do with Tomcat's source code openly available,
  +  there have been only a few <strong>theoretical</strong> vulnerabilities
  +  found.  All of those were addressed rapidly even though there were no
  +  documented cases of actual exploitation of these vulnerabilities.  
  +</p>
  +</subsection>
  +
  +<subsection name="Role of Customization">
  +<p>
  +  We believe, and the evidence suggests, that Tomcat is more than secure
  +  enough for most use-cases.  However, like all other components of Tomcat,
  +  you can customize any and all of the relevant parts of the server to
  +  achieve even higher security.  For example, the session manager 
implementation
  +  is pluggable, and even the default implementation has support for pluggable
  +  random number generators.  If you have a special need that you feel is not
  +  met by Tomcat out of the box, consider these customization options.  At the
  +  same time, please bring up your requirements on the user mailing list, 
where
  +  we'll be glad to discuss it and assist in your 
approach/design/implementation
  +  as needed.
  +</p>
  +</subsection>
   </section>
   
   
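Review bot: The new "The Record" subsection makes absolute claims ("impeccable", "no public cases of damage", "only a few theoretical vulnerabilities found") with no reference; readers cannot check them, they will be quoted back at the project, and they age badly the moment a real issue is reported. Link the statement to the list of fixed issues it relies on and soften it to what can be shown (issues found, how quickly each was fixed). Separately, the Preface now asks anyone who hears "of a vulnerability or its exploitation" to report it on the public user mailing list, which publishes the details before a fix exists; point reporters to a private contact for the security team and keep the user list for general questions. The "Role of Customization" example (pluggable session manager, pluggable random number generator in the default implementation) is a good one; a link to the relevant configuration documentation would make it actionable.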
  @@ -67,6 +99,12 @@
          </a>
        </li>
   
  +     <li>
  +       <a href="#analyses">
  +         Has Tomcat's security been independently analyzed or audited?
  +       </a>
  +     </li>
  +
     </ul>
   
   </section>
  @@ -173,6 +211,17 @@
      <a 
href="http://marc.theaimsgroup.com/?l=tomcat-user&amp;m=108566020231438&amp;w=2";>
        this mailing list post
      </a> for a complete setup example with permissions etc.
  +  </answer>
  +
  +  <question>
  +    <a name="analyses">
  +      Has Tomcat's security been independently analyzed or audited?
  +    </a>
  +  </question>
  +  <answer>
  +    Yes, by numerous organizations and individuals, many times.  Try
  +    <a 
href="http://www.google.com/search?sourceid=navclient&amp;ie=UTF-8&amp;q=is+tomcat+secure";>
  +    this Google search</a> and you'll see many references, guides, and 
analyses.
     </answer>
   
   </section>
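Review bot: The answer to "Has Tomcat's security been independently analyzed or audited?" cites a Google search for "is tomcat secure" rather than any specific analysis; search results change over time and are not a reference a reader can evaluate, and "by numerous organizations and individuals, many times" is unverifiable as stated. List the actual analyses, guides or audits the answer has in mind, with links and dates, even if only two or three; if none can be named, say the project is not aware of a published audit rather than implying many exist.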
  
  
  
