DO NOT REPLY [Bug 45255] support disable jsessionid from url against session fixation attacks

2009-12-09 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=45255 --- Comment #20 from jcran 2009-12-09 23:59:01 UTC --- I should be careful. It doesn't prevent all session hijacking, just certain use-cases. See comments above. jcran -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.c

DO NOT REPLY [Bug 45255] support disable jsessionid from url against session fixation attacks

2009-12-09 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=45255 --- Comment #19 from jcran 2009-12-09 23:57:11 UTC --- At the risk of sounding like a troll, this is a pretty major security issue. Why is it only now being dealt with? True, it's not going to prevent all session fixation, but as Mark Thomas

Re: SPNEGO/NEGOTIATE implementation for Apache Geronimo

2009-12-09 Thread David Jencks
On Dec 9, 2009, at 5:03 AM, Ashish Jain wrote: Hi folks, Can you please suggest if there is any way to disable the prompt for username and password when using basic authentication?? That's browser behavior, so the only thing you can do from the server side is not use plain BASIC auth. Are

[Tomcat Wiki] Update of "PoweredBy" by Corina Mandel

2009-12-09 Thread Apache Wiki
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "PoweredBy" page has been changed by Corina Mandel. http://wiki.apache.org/tomcat/PoweredBy?action=diff&rev1=212&rev2=213 -- ==

[Tomcat Wiki] Update of "PoweredBy" by Corina Mandel

2009-12-09 Thread Apache Wiki
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "PoweredBy" page has been changed by Corina Mandel. http://wiki.apache.org/tomcat/PoweredBy?action=diff&rev1=211&rev2=212 -- {{htt

Re: Tomcat 7 - META-INF/context.xml

2009-12-09 Thread Filip Hanik - Dev Lists
On 12/09/2009 07:06 AM, Mark Thomas wrote: Filip Hanik - Dev Lists wrote: On 12/09/2009 02:57 AM, Mark Thomas wrote: Filip Hanik - Dev Lists wrote: I would like to suggest that context.xml files that are contained within directories or WAR files do not get copied to a sub di

svn commit: r888904 - /tomcat/tc6.0.x/trunk/STATUS.txt

2009-12-09 Thread pero
Author: pero Date: Wed Dec 9 18:15:08 2009 New Revision: 888904 URL: http://svn.apache.org/viewvc?rev=888904&view=rev Log: cast my vote Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=

svn commit: r888860 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml

2009-12-09 Thread markt
Author: markt Date: Wed Dec 9 16:29:54 2009 New Revision: 60 URL: http://svn.apache.org/viewvc?rev=60&view=rev Log: Add some info on CVE-2009-3555 Modified: tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/xdocs/security-5.xml

DO NOT REPLY [Bug 48358] New: JSP-unloading reloaded

2009-12-09 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48358 Summary: JSP-unloading reloaded Product: Tomcat 7 Version: trunk Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Componen

Re: Tomcat 7 - META-INF/context.xml

2009-12-09 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > On 12/09/2009 02:57 AM, Mark Thomas wrote: >> Filip Hanik - Dev Lists wrote: >> >>> I would like to suggest that context.xml files that are contained within >>> directories or WAR files do not get copied to a sub directory under >>> "conf" where it remains if the

Re: Tomcat 7 - META-INF/context.xml

2009-12-09 Thread Filip Hanik - Dev Lists
On 12/09/2009 02:57 AM, Mark Thomas wrote: Filip Hanik - Dev Lists wrote: I would like to suggest that context.xml files that are contained within directories or WAR files do not get copied to a sub directory under "conf" where it remains if the war file or directory is removed while the ser

Re: SPNEGO/NEGOTIATE implementation for Apache Geronimo

2009-12-09 Thread Ashish Jain
Hi folks, Can you please suggest if there is any way to disable the prompt for username and password when using basic authentication?? Thanks and Regards Ashish On 11/13/09, Costin Manolache wrote: > On Fri, Nov 13, 2009 at 6:44 AM, Mark Thomas wrote: > >> Ashish Jain wrote: >> >> > 4) Does thi

Re: DBCP 1.3/1.4

2009-12-09 Thread Tim Funk
If you can swing moving jdbc-pool as the next gen commons-dbcp - that would be sweet. In which case, jdbc-pool would no longer exist and we'd only be left with dbcp. Which leaves us with the tomcat 6 vs no access to JDBC4 - but some faqs can point the user on how to download the needed extra

Re: DBCP 1.3/1.4

2009-12-09 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > the only downside to my suggestions above is that jdbc-pool doesn't have > much developer community around it. > the usage of it has grown, and the bug reports have been very few and no > major issues are outstanding. > unless we can build a community around it, w

Re: Tomcat 7 - META-INF/context.xml

2009-12-09 Thread Mark Thomas
Filip Hanik - Dev Lists wrote: > I would like to suggest that context.xml files that are contained within > directories or WAR files do not get copied to a sub directory under > "conf" where it remains if the war file or directory is removed while > the server is shutdown. > > Copying the file MET