https://issues.apache.org/bugzilla/show_bug.cgi?id=39309
Kamichetty Sunil Kumar changed:
What|Removed |Added
CC||sunilkumar.kamiche...@wip
To whom it may engage...
This is an automated request, but not an unsolicited one. For
more information please visit http://gump.apache.org/nagged.html,
and/or contact the folk at gene...@gump.apache.org.
Project tomcat-trunk has an issue affecting its community integration.
This issue
Just turning the random number into a session id should sufficient and
we can forget the MD5 altogether. But if someone figures out the seed
and can guess future subsequent numbers, then they can guess future
session ids.
By using a hashing algorithm - it makes it impossible to guess what
num
Author: markt
Date: Tue Jan 6 07:15:32 2009
New Revision: 731967
URL: http://svn.apache.org/viewvc?rev=731967&view=rev
Log:
First attempt at updating the javax.servlet package for the 3.0 spec
It compiles and runs but 99.9% of the implementation is stubbed out and marked
with TODO SERVLET3
Adde
Author: remm
Date: Tue Jan 6 07:33:11 2009
New Revision: 731974
URL: http://svn.apache.org/viewvc?rev=731974&view=rev
Log:
- Votes.
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=7319
r...@apache.org wrote:
> * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=36923
>If EL is disabled, treat it as template text
>http://svn.apache.org/viewvc?rev=730590&view=rev
>+1: markt
> + 0: remm (needs TCK testing)
The TCK passes for me.
> * Fix https://issues.apache.or
First, note that any session-id provides only the flimsiest sort of
"security". Proper authentication was described a long time ago:
Needham, Roger; Schroeder, Michael (December 1978), "Using encryption
for authentication in large networks of computers.", *Communications of the
ACM* *21* (12):
On Tue, 2009-01-06 at 18:19 +, Mark Thomas wrote:
> Sorry - I'll fix the exception handling.
> The TCK passes for me.
Then I suppose it is ok. The new URL that is constructed is only used as
a String, right, not to do any actual reading ?
Rémy
--
cf
https://svn.apache.org/repos/asf/geronimo/specs/trunk/geronimo-servlet_3.0_spec
Is there a new draft of 3.0 or is this for the first public draft?
thanks
david jencks
On Jan 6, 2009, at 7:15 AM, ma...@apache.org wrote:
Author: markt
Date: Tue Jan 6 07:15:32 2009
New Revision: 731967
UR
David Jencks wrote:
> cf
> https://svn.apache.org/repos/asf/geronimo/specs/trunk/geronimo-servlet_3.0_spec
Of course. I should have thought of that. Have you done any implementation or
were you waiting for Tomcat 7?
> Is there a new draft of 3.0 or is this for the first public draft?
This is the
On Tue, 2009-01-06 at 22:17 +, Mark Thomas wrote:
> This is the public review. There have been quite a few changes since the
> public
> draft.
And there might be more changes, esp with the async stuff.
Rémy
-
To unsubscri
https://issues.apache.org/bugzilla/show_bug.cgi?id=46339
Kin-Man Chung changed:
What|Removed |Added
CC||kin-man.ch...@sun.com
--- Comm
https://issues.apache.org/bugzilla/show_bug.cgi?id=46464
Filip Hanik changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=46464
Sebb changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|INVALID
14 matches
Mail list logo
