Re: multi-tenant web app

2013-04-17 Thread Rainer Frey
On 12.04.2013, at 13:08, Jamie wrote: > Greetings! > > I would like some advice with regards to deploying a web app in a > multi-tenant scenario. A while back, we had a few cloud service providers ask > us if they could host our web app as a service. Under pressure to come with a > quick sol

RE: server.xml shutdown port command string

2013-04-17 Thread Caldarale, Charles R
> From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov] > Subject: RE: server.xml shutdown port command string > If I am the only person deploying web apps (that I have developed), should I > still consider changing this command string value to something more complex? Only if untrus

RE: server.xml shutdown port command string

2013-04-17 Thread Leo Donahue - RDSA IT
From: Caldarale, Charles R [chuck.caldar...@unisys.com] Subject: RE: server.xml shutdown port command string > From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov] > Subject: server.xml shutdown port command string > Is the "command string" wh

Re: explanation of resource-ref in web.xml

2013-04-17 Thread Howard W. Smith, Jr.
On Wed, Apr 17, 2013 at 10:38 PM, Leo Donahue - RDSA IT < leodona...@mail.maricopa.gov> wrote: > > > From: Jakub 1983 [jjaku...@gmail.com] > Sent: Wednesday, April 17, 2013 7:26 PM > To: Tomcat Users List > Subject: explanation of resource-ref in web.xml >

Re: explanation of resource-ref in web.xml

2013-04-17 Thread Jakub 1983
I have tried, and defining only in context.xml is sufficient, in web.xml was commented, but I still could access database connection from jndi. On Thu, Apr 18, 2013 at 4:38 AM, Leo Donahue - RDSA IT < leodona...@mail.maricopa.gov> wrote: > > > From: Jakub

RE: <resource-ref> in web.xml

2013-04-17 Thread Leo Donahue - RDSA IT
From: Jakub 1983 [jjaku...@gmail.com] Subject: <resource-ref> in web.xml when I define database conn in context.xml, resource-ref is not needed at all, so what is it actually for ? ** You need something to look

RE: explanation of resource-ref in web.xml

2013-04-17 Thread Leo Donahue - RDSA IT
From: Jakub 1983 [jjaku...@gmail.com] Sent: Wednesday, April 17, 2013 7:26 PM To: Tomcat Users List Subject: explanation of resource-ref in web.xml What the hell is <resource-ref> in web.xml used for ? I use it in a context,

RE: server.xml shutdown port command string

2013-04-17 Thread Caldarale, Charles R
> From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov] > Subject: server.xml shutdown port command string > Is the "command string" what is being called the password on the > security-howto page? Yes, they're the same thing; the text should be more consistent. Note that the shutd

explanation of resource-ref in web.xml

2013-04-17 Thread Jakub 1983
What the hell is <resource-ref> in web.xml used for ? My imagination is as follows, please confirm or deny it. <resource-ref> is part of servlet spec, not tomcat spec. context.xml and its resource declaration is private concept of tomcat, not described by any external specification, jsr, etc. <resource-ref> says, that in your webapp y

problems with import in jsp file

2013-04-17 Thread caio lima
hi, sorry for my english. i just publish my web site made with java, jsp, and i'm stuck with a problem. my ".class" files are in the directory "WEB-INF/classes/..." and i have the class Diversos in "WEB-INF/classes/ferramentas/Diversos.class" when i use an import command like <%@page import="ferrame

server.xml shutdown port command string

2013-04-17 Thread Leo Donahue - RDSA IT
In the Tomcat docs pertaining to security considerations, in the server.xml section, it talks about if the shutdown port is not disabled, a strong password should be configured for shutdown http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html#Server In the Tomcat docs for configuration, t

Re: ParNew promotion failed in verbose GC logs

2013-04-17 Thread Christopher Schultz
Vidyadhar, On 4/17/13 2:22 PM, Techienote com wrote: > We are in the plan of upgrading the tomcat with the JVM version. It > is in process but before that we need to stablize it on Tomcat 6 Tomcat is definitely not the problem, here. You can run To

<resource-ref> in web.xml

2013-04-17 Thread Jakub 1983
can I define database connection only in web.xml, without using context.xml files ? can I pass database url, login and password into <resource-ref> ? when I define database conn in context.xml, resource-ref is not needed at all, so what is it actually for ? regards Jakub

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread chris derham
> Hi. > Long and thoughtful post. Thanks. just hope it helps move the discussion forward > Say you have a botnet composed of 100 bots, and you want (collectively) to > have them scan 100,000 hosts in total, each one for 30 known "buggy" URLs. > These 30 URLs are unrelated to eachother; each one o

Re: conf/Catalina/localhost/myWebApp.xml context file disappears

2013-04-17 Thread Jakub 1983
I call ant task application is called jdbc.war, and I create jdbc.xml in conf/Catalina/localhost/ after I deploy war and previous jdbc.xml disappears - I create it on running tomcat. Regards Jakub On Wed, Apr 17, 2013 at 10:04 PM, Mark Thomas wrote: > On 17/04/2013 10:35, J

context.xml.Resource and web.xml.resource-ref

2013-04-17 Thread Jakub 1983
such scenario works fine for me: jdbc.xml in C:\test\catalina_base\conf\Catalina\localhost web.xml: jdbc/Test javax.sql.DataSource Container but fails when I change Resource name="jdbc/Test" in jdbc.xml to Resource name="jdbc/TestChanged" w

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Howard W. Smith, Jr.
On Wed, Apr 17, 2013 at 3:45 PM, Leo Donahue - RDSA IT < leodona...@mail.maricopa.gov> wrote: > > Not knowing anything about the history of the HTTP 404 method, if a server > does not find a matching request URI, why was it decided that the protocol > would even respond at all? Seems like the req

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Howard W. Smith, Jr.
On Wed, Apr 17, 2013 at 2:39 PM, André Warnier wrote: > > Some other calculations : > According to the same Netcraft site, of the 600 million websites, 60% are > "Apache" (I guess that this includes httpd and Tomcat (or else Tomcat is in > "others"). > > This is good to know, and honestly, I'm gl

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Howard W. Smith, Jr.
On Wed, Apr 17, 2013 at 1:59 PM, Leo Donahue - RDSA IT < leodona...@mail.maricopa.gov> wrote: > >-Original Message- > >From: Christopher Schultz [mailto:ch...@christopherschultz.net] > >Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html > >HTTP/1.0" 404 > > > > > >Peo

RE: [OT] Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Leo Donahue - RDSA IT
>-Original Message- >From: André Warnier [mailto:a...@ice-sa.com] >Subject: Re: [OT] Tomcat access log reveals hack attempt: "HEAD >/manager/html HTTP/1.0" 404 > >Leo Donahue - RDSA IT wrote: >... > >> >> [Way OT...] >> If you get this to work, then the next place you can take this idea is

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Howard W. Smith, Jr.
On Wed, Apr 17, 2013 at 10:45 AM, chris derham wrote: > The OWASP recommendations for securing tomcat suggest removing all items > under > catalina_home/webapps as a first step. Just a thought. > > The first step an attacker performs when conducting a focused attack, > is to map out the server. T

Re: [OT] Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread André Warnier
Leo Donahue - RDSA IT wrote: ... [Way OT...] If you get this to work, then the next place you can take this idea is to the phone company. Why should my phone even ring at all if I know the caller is from an 800 number... or from some other list of people I don't care to talk to ... I would

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread André Warnier
Leo Donahue - RDSA IT wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404 So you are saying it could be possible to know in advance that certain requests are for repeated requests

RE: Errors when trying to configure SSL for Apache Tomcat 7

2013-04-17 Thread James Snider
Hi Chris, Thanks for your help! I have reinstalled Apache Tomcat with the tcnative library and I am not receiving the SSL certificate errors as seen earlier. But I am now receiving the following errors upon startup: Apr 17, 2013 3:13:58 PM org.apache.catalina.startup.SetAllPropertiesRule be

Re: conf/Catalina/localhost/myWebApp.xml context file disappears

2013-04-17 Thread Mark Thomas
On 17/04/2013 10:35, Jakub 1983 wrote: > when I copy new version of myWebApp.war into webapps directory my context > from > conf/Catalina/localhost/ disappears (this context was manually created by > me), What, exactly, are you doing? For example, copy and overwrite has very different behaviour (a

Re: multi-tenant web app

2013-04-17 Thread Mark Thomas
On 17/04/2013 18:28, Jamie wrote: > Dear Tomcat Users > > Forgive me for saying this (and unless I am still misinformed after > scouring the Internet for a solution), the Tomcat app server seems > wholly inadequate for the demands of modern multi-tenant SAAS > applications. Multi-tenant SAAS apps

RE: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Leo Donahue - RDSA IT
>-Original Message- >From: André Warnier [mailto:a...@ice-sa.com] >Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html >HTTP/1.0" 404 > >> >> So you are saying it could be possible to know in advance that certain >requests are for repeated requests of nothing or being m

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread André Warnier
Konstantin Kolinko wrote: 2013/4/10 Howard W. Smith, Jr. : Every now and then, I like to review localhost_access_log files, just to see who might be trying to access my web app, running on TomEE 1.6.0 snapshot (Tomcat 7.0.39). So, a few minutes ago, I saw the following in the log: 113.11.200.30

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread André Warnier
Leo Donahue - RDSA IT wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Wednesday, April 17, 2013 10:28 AM To: Tomcat Users List Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404 Leo Donahue - RDSA IT wrote: -Original M

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread André Warnier
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 4/17/13 1:27 PM, André Warnier wrote: Leo Donahue - RDSA IT wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/h

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Konstantin Kolinko
2013/4/10 Howard W. Smith, Jr. : > Every now and then, I like to review localhost_access_log files, just to > see who might be trying to access my web app, running on TomEE 1.6.0 > snapshot (Tomcat 7.0.39). So, a few minutes ago, I saw the following in the > log: > > 113.11.200.30 - - [09/Apr/2013:

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread André Warnier
chris derham wrote: Yes. But someone *does* own the botted computers, and their own operations are slightly affected. I have wondered if there is some way to make a bot so intrusive that many more owners will ask themselves, "why is my computer so slow/weird/whatever? I'd better get it looked

RE: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Caldarale, Charles R
> From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov] > Subject: RE: Tomcat access log reveals hack attempt: "HEAD /manager/html > HTTP/1.0" 404 > So you are saying it could be possible to know in advance that certain > requests are for repeated requests of nothing or being made b

Re: ParNew promotion failed in verbose GC logs

2013-04-17 Thread Techienote com
Chris, First of all thanks for the info. On Wed, Apr 17, 2013 at 11:31 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Vidyadhar, > > On 4/17/13 10:56 AM, Techienote com wrote: > > Chris, > > > > On Wed, Apr 17, 2013 at 1:11 A

Re: conf/Catalina/localhost/myWebApp.xml context file disappears

2013-04-17 Thread Jakub 1983
Andre, thx for your reply. My war has no /META-INF/context.xml, here is piece of server.xml: even with deployXML="false" my jdbc.context is removed from C:\test\catalina_base\conf\Catalina\localhost Regards Jakub On Wed, Apr 17, 2013 at 2:14 PM, André Warnier wrote: > Jakub 1983 wro

Re: ParNew promotion failed in verbose GC logs

2013-04-17 Thread Christopher Schultz
Vidyadhar, On 4/17/13 10:56 AM, Techienote com wrote: > Chris, > > On Wed, Apr 17, 2013 at 1:11 AM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Vidyadhar, > > On 4/16/13 1:14 PM, Techienote com wrote: With default setti

RE: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Leo Donahue - RDSA IT
>-Original Message- >From: Christopher Schultz [mailto:ch...@christopherschultz.net] >Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html >HTTP/1.0" 404 > >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA256 > >Mark, > >On 4/17/13 8:49 AM, Mark H. Wood wrote: >> Yes. But

Re: multi-tenant web app

2013-04-17 Thread Christopher Schultz
Jamie, On 4/17/13 1:28 PM, Jamie wrote: > Dear Tomcat Users > > Forgive me for saying this (and unless I am still misinformed > after scouring the Internet for a solution), the Tomcat app server > seems wholly inadequate for the demands of modern m

RE: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Leo Donahue - RDSA IT
>-Original Message- >From: André Warnier [mailto:a...@ice-sa.com] >Sent: Wednesday, April 17, 2013 10:28 AM >To: Tomcat Users List >Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html >HTTP/1.0" 404 > >Leo Donahue - RDSA IT wrote: >>> -Original Message- >>> From

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Christopher Schultz
Mark, On 4/17/13 8:49 AM, Mark H. Wood wrote: > Yes. But someone *does* own the botted computers, and their own > operations are slightly affected. I have wondered if there is > some way to make a bot so intrusive that many more owners will ask

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Christopher Schultz
André, On 4/17/13 1:27 PM, André Warnier wrote: > Leo Donahue - RDSA IT wrote: >>> -Original Message- From: André Warnier >>> [mailto:a...@ice-sa.com] Subject: Re: Tomcat access log reveals >>> hack attempt: "HEAD /manager/html HTTP/1.0" 404

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread André Warnier
Leo Donahue - RDSA IT wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404 That's the idea. That is one reason why I brought this discussion here : to check if, if the default facto

Re: Re: multi-tenant web app

2013-04-17 Thread Jamie
Dear Tomcat Users Forgive me for saying this (and unless I am still misinformed after scouring the Internet for a solution), the Tomcat app server seems wholly inadequate for the demands of modern multi-tenant SAAS applications. Multi-tenant SAAS apps are supposed to be light weight and have

Re: Errors when trying to configure SSL for Apache Tomcat 7

2013-04-17 Thread Christopher Schultz
James, On 4/17/13 10:12 AM, James Snider wrote: > After reviewing the APR documentation, I am still > receiving the errors involving the SSL Certificate and do not > understand where the issue is being generated. I have attached a > copy of my c

Re: Something about the config at conf/server.xml

2013-04-17 Thread Christopher Schultz
付进军, On 4/17/13 4:06 AM, 付进军 wrote: > oh sorry,the shutdown is work well, but the address still can not > work Please give an example of your configuration. What did you try, and why do you think it does not work? -chris

Re: Re : Memory leak in Tomcat 6.0.35 ( 64 bit)

2013-04-17 Thread Christopher Schultz
Howard, On 4/16/13 6:52 PM, Howard W. Smith, Jr. wrote: > just today, i recognized a query, such as following which was > performing very poorly, even though the JOIN was on a > primary/foreign key, and ORDER BY on primary key (which 'should' be > f

Re: ParNew promotion failed in verbose GC logs

2013-04-17 Thread Techienote com
Chris, On Wed, Apr 17, 2013 at 1:11 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Vidyadhar, > > On 4/16/13 1:14 PM, Techienote com wrote: > > With default setting we were getting frequent OOM errors. After > > analyzing the

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread chris derham
> Yes. But someone *does* own the botted computers, and their own > operations are slightly affected. I have wondered if there is some > way to make a bot so intrusive that many more owners will ask > themselves, "why is my computer so slow/weird/whatever? I'd better > get it looked at. Maybe I

RE: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Leo Donahue - RDSA IT
>-Original Message- >From: André Warnier [mailto:a...@ice-sa.com] >Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html >HTTP/1.0" 404 > > >That's the idea. That is one reason why I brought this discussion here : to >check if, if the default factory setting was for exam

RE: Errors when trying to configure SSL for Apache Tomcat 7

2013-04-17 Thread James Snider
Hi Chuck, After reviewing the APR documentation, I am still receiving the errors involving the SSL Certificate and do not understand where the issue is being generated. I have attached a copy of my current server.xml file and screenshots of the errors I am receiving upon start up. Can you giv

Re: practical scenarios

2013-04-17 Thread Mark H. Wood
On Tue, Apr 16, 2013 at 08:25:06PM +0200, Jakub 1983 wrote: > When is it useful to define context.xml in some other place than at > /META-INF/context.xml inside the application files ? > > When do you usually do it ? > Is it frequently used ? > I am not asking about theoretical possibilities, but

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

2013-04-17 Thread Mark H. Wood
On Tue, Apr 16, 2013 at 01:57:55PM -0300, chris derham wrote: > > Or, another way of looking at this would be that for every 40 servers > > scanned without a 404 delay, the same bot infrastructure within the same > > time would only be able to scan 1 server if a 1 s 404 delay was implemented > > by

Re: conf/Catalina/localhost/myWebApp.xml context file disappears

2013-04-17 Thread André Warnier
Jakub 1983 wrote: when I copy new version of myWebApp.war into webapps directory my context from conf/Catalina/localhost/ disappears (this context was manually created by me), maybe tomcat first deletes war, and also delete corresponding context file, is there any way to prevent it ? how should

conf/Catalina/localhost/myWebApp.xml context file disappears

2013-04-17 Thread Jakub 1983
when I copy new version of myWebApp.war into webapps directory my context from conf/Catalina/localhost/ disappears (this context was manually created by me), maybe tomcat first deletes war, and also delete corresponding context file, is there any way to prevent it ? how should such update be done

Re: Fwd: Tomcat Jdbc Pool - NumActive vs actual Established Connections

2013-04-17 Thread kirenpillay
I've figured out the problem. The Driver had a built in Datasource which was doing its own pooling management, hence keeping connections open even though the tomcat-pool saw them as closed. In effect I had a datasource pool within a datasource. Removing the connection attribute solved the problem.

Re: Tomcat Jdbc Pool - NumActive vs actual Established Connections

2013-04-17 Thread Jose María Zaragoza
2013/4/16 Kiren Pillay > Hi All, > > I am using the tomcat-jdpc-pool from within my spring application. I am > noticing a discrepancy between the numActive/numIdle values that the pool > reports versus the actual number of established connections to the > database. > > For example, the pool repor

Re: Something about the config at conf/server.xml

2013-04-17 Thread 付进军
Oh sorry, the shutdown works well, but the address still cannot work 2013/4/17 付进军 > when i change the shutdown attribute to shutdown1 or others,it could not > be done. > I should also to enter the default value SHUTDOWN,then it work well. > so what i want to say is,the shutdown attribute can

Re: Fwd: Tomcat Jdbc Pool - NumActive vs actual Established Connections

2013-04-17 Thread kirenpillay
Hi I am using this within tomcat-6.0.36.B.RELEASE contained in STS tcServer. Here is my spring config as well.

Something about the config at conf/server.xml

2013-04-17 Thread 付进军
When I change the shutdown attribute to shutdown1 or others, it could not be done. I should also enter the default value SHUTDOWN, then it works well. So what I want to say is, the shutdown attribute can't be used, and the same thing happens with the address attribute. I found this problem in Tomcat 6.0.