On 08.11.2010 22:04, Rainer Jung wrote:
On 08.11.2010 21:25, Konstantin Kolinko wrote:
My current idea with implementation is that the timestamp when request
processing started can be placed in a field in the request. Such
solution will be compatible with the recently added AccessLog
interface.
On 08.11.2010 21:25, Konstantin Kolinko wrote:
2010/11/8 Rainer Jung:
A typical annoyance when combining Apache web server and Tomcat is the
difference in access log timestamp. Apache logs the beginning of the
request, Tomcat logs the end of the request.
According to the HTTPD docs [2], this
2010/11/8 Rainer Jung :
> A typical annoyance when combining Apache web server and Tomcat is the
> difference in access log timestamp. Apache logs the beginning of the
> request, Tomcat logs the end of the request.
>
According to the HTTPD docs [2], this changed between HTTPD 1.3 and 2.
1.3 logs t
https://issues.apache.org/bugzilla/show_bug.cgi?id=40001
Ramon changed:
What|Removed |Added
CC||ra...@echophase.com
--- Comment #7 from Ra
https://issues.apache.org/bugzilla/show_bug.cgi?id=50231
Ramon changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
On Mon, 2010-11-08 at 18:26 +0100, Rainer Jung wrote:
> On 08.11.2010 18:05, Remy Maucherat wrote:
> > I'll up that to -1, with another concern I've just thought about: if
> > using a session id path which includes more than one webapp, the version
> > numbers will have problems matching between th
Working through my ApacheCon todo list...
I asked various folks what they thought of the new index page in the
Tomcat 7's ROOT web application. I think I can sum the comments up with
the following two points:
- they liked the updated style
- they thought there was too much content / too many links
On 08/11/2010 17:26, Rainer Jung wrote:
> On 08.11.2010 18:05, Remy Maucherat wrote:
>> I'll up that to -1, with another concern I've just thought about: if
>> using a session id path which includes more than one webapp, the version
>> numbers will have problems matching between the two webapps.
>
On 08.11.2010 18:05, Remy Maucherat wrote:
I'll up that to -1, with another concern I've just thought about: if
using a session id path which includes more than one webapp, the version
numbers will have problems matching between the two webapps.
You mean situations like portals / emptysessionpa
On Mon, 2010-11-08 at 15:46 +, Mark Thomas wrote:
> I did consider that approach but rejected it for a couple of reasons:
> - Mapper needs to be manager aware - it isn't currently
Add a one method interface to be able to perform a session lookup.
> - Performance
Likely, having to do String m
On 08/11/2010 15:40, Remy Maucherat wrote:
> On Mon, 2010-11-08 at 14:31 +, Mark Thomas wrote:
>> We might be able to avoid that be limiting the version to just integers.
>> I think that is reasonable but would like to hear some feedback from others.
>>
>> That does raise the issue of whether t
https://issues.apache.org/bugzilla/show_bug.cgi?id=50231
--- Comment #5 from Mark Thomas 2010-11-08 10:41:18 EST ---
Tomcat 7 has switched to POST for all requests where you'd expect POST to be
used. A refresh can still cause problems but at least the user will be prompted
by the browser first.
On Mon, 2010-11-08 at 14:31 +, Mark Thomas wrote:
> We might be able to avoid that be limiting the version to just integers.
> I think that is reasonable but would like to hear some feedback from others.
>
> That does raise the issue of whether to convert the provided version to
> a (zero padd
https://issues.apache.org/bugzilla/show_bug.cgi?id=50231
--- Comment #4 from Ramon 2010-11-08 10:33:21 EST ---
I'm sorry if I offended you. I admit don't know enough about how browsers
handle HTTP authentication credential to properly assess the CSRF threat. I did
not mean to sensationalize the i
Dear Tomcat Developers,
I'm Peter Kortvelyesi, a research consultant at the Software Engineering
Department of the University of Szeged, Hungary.
We are conducting a research on a software quality model, which
calculates software metrics and compares the software to a benchmark
repository consisti
On 08/11/2010 15:16, Rainer Jung wrote:
> A typical annoyance when combining Apache web server and Tomcat is the
> difference in access log timestamp. Apache logs the beginning of the
> request, Tomcat logs the end of the request.
>
> I added a feature to Apache trunk (will become 2.4) to make it
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "FAQ/Password" page has been changed by TimFunk.
http://wiki.apache.org/tomcat/FAQ/Password?action=diff&rev1=6&rev2=7
--
In [[h
On 08/11/2010 15:09, Rainer Jung wrote:
> Furthermore we could as a convenience convert all dots to underscores and
Or s/dots/non-alphanumerics/
p
0x62590808.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
A typical annoyance when combining Apache web server and Tomcat is the
difference in access log timestamp. Apache logs the beginning of the
request, Tomcat logs the end of the request.
I added a feature to Apache trunk (will become 2.4) to make it
configurable for Apache, which time stamp to c
https://issues.apache.org/bugzilla/show_bug.cgi?id=49711
--- Comment #6 from Christopher Schultz
2010-11-08 10:15:52 EST ---
If @MultipartConfig in a servlet is the sole way to trigger multipart handling
during a request, then a Filter must be able to check the target servlet to
determine if Req
On 08.11.2010 15:27, Mark Thomas wrote:
Yep - that looks like a left-over from when I was playing with int
rather than String for version. I'm still in two minds about that bit.
There are places internally where using String makes it easier but
limiting it to int would allow us to avoid a bunch o
Hi Chris, it seems some changes were unintentional:
On 08.11.2010 15:49, Apache Wiki wrote:
* Use properties replacement so that in the xml config you have
${db.password} and in conf/catalina.properties you put the password there. You
are not safer, but the auditors may be happy.
- * Sin
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "FAQ/Password" page has been changed by ChristopherSchultz.
http://wiki.apache.org/tomcat/FAQ/Password?action=diff&rev1=5&rev2=6
--
https://issues.apache.org/bugzilla/show_bug.cgi?id=50231
--- Comment #3 from Mark Thomas 2010-11-08 09:42:05 EST ---
The comment re CSRF is pure FUD:
a) POSTs make it marginally harder to commit a CSRF attack but by no means
prevent it.
b) The generic CSRF protection from Tomcat 7 has been back-p
On 06/11/2010 13:00, Rainer Jung wrote:
> On 06.11.2010 12:57, Tim Funk wrote:
>> When running mod_jk with sticky session, but not using tomcat clustering
>> ... Will adding a new version append the version number to the end of
>> the session cookie AFTER the engineId (used by mod_jk for determinin
On 06/11/2010 11:57, Tim Funk wrote:
> This might cause a problem of using == instead of equals() for strcmp
>
> if (version == (request.getContext().getWebappVersion())) {
> mapRequired = false;
> }
Yep - that looks like a left-over from when I was playing with int
rather than String for ver
https://issues.apache.org/bugzilla/show_bug.cgi?id=50234
Summary: JspC use servlet 3.0 features
Product: Tomcat 7
Version: trunk
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
https://issues.apache.org/bugzilla/show_bug.cgi?id=50233
Summary: support long URLs (more than 2048)
Product: Tomcat Connectors
Version: 1.2.28
Platform: PC
OS/Version: Windows Server 2003
Status: NEW
Severity: critical
https://issues.apache.org/bugzilla/show_bug.cgi?id=50231
--- Comment #2 from Ramon 2010-11-08 06:40:02 EST ---
I'm not sure what you're suggesting Rainer? My issue relates to the tomcat
manager HTML page specifically. In my opinion the right thing to do is to use
POST. I do not see the need for c
https://issues.apache.org/bugzilla/show_bug.cgi?id=50232
--- Comment #1 from Tiago Batista 2010-11-08 05:19:24 EST ---
Created an attachment (id=26271)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26271)
Removes the isLoaded method from PersistentManagerBase
This patch removes the
https://issues.apache.org/bugzilla/show_bug.cgi?id=50232
Summary: org.apache.catalina.session.StoreBase has a hidden
dependency on PersistentManager
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Linux
St
https://issues.apache.org/bugzilla/show_bug.cgi?id=50231
--- Comment #1 from Rainer Jung 2010-11-08 04:42:37
EST ---
For the mod_jk status worker we use GET but respond with an answer page that
only acknowledges and is after a few seconds redirected to the page used before
the operation was requ
On 08.11.2010 04:57, bugzi...@apache.org wrote:
https://issues.apache.org/bugzilla/show_bug.cgi?id=50219
Konstantin Kolinko changed:
What|Removed |Added
Status|NEW
https://issues.apache.org/bugzilla/show_bug.cgi?id=50231
Summary: Manager application should not use GET request to
perform operations
Product: Tomcat 6
Version: 6.0.29
Platform: All
OS/Version: All
Status: NEW
Author: kkolinko
Date: Mon Nov 8 08:29:05 2010
New Revision: 1032488
URL: http://svn.apache.org/viewvc?rev=1032488&view=rev
Log:
vote and proposal
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STAT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48545
--- Comment #3 from Konstantin Kolinko 2010-11-08
03:25:58 EST ---
Created an attachment (id=26268)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26268)
2010-11-08_tc6_bug48545.patch - Updated version of the patch
I'm attachi
36 matches
Mail list logo
