RE: Problem With Tomcat and NT service
Hi In this case, can we change the base directory? Regards, hui -Original Message- From: Hubble, Christopher [mailto:[EMAIL PROTECTED] Sent: Thursday, November 18, 2004 8:28 AM To: 'Tomcat Users List' Subject: RE: Problem With Tomcat and NT service That's because when Tomcat is run as a service, it's base directory becomes System32 instead of whatever dir you run the startup bat file in. Chris -Original Message- From: Raphael THIOLIERE [mailto:[EMAIL PROTECTED] Sent: Thursday, November 18, 2004 4:40 AM To: Tomcat Users List Subject: Problem With Tomcat and NT service Hello, I use Tomcat like a server of webservices. When I run Tomcat with the script startup.bat, my application works fine. But when I want to launch Tomcat with the NT service (created by the install) it doesn't work : I have to copy a fichier in the directory system32. This fichier is use by my application, it contains the informations for the connection at the SGBD. My version of tomcat is 4.1. Idea ? If I use tomcat 3.3 ,I modify the fichier wrapper.properties and It works. Raphaël. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
lucene index parser problem
Hi, I have such a problem when creating lucene index for many html files: It shows aborted, expectedtagnametagend for those html files which contain java scripts. It seems it cannot parse the tags \. Does anyone has any solution? Thank you very very much...!!! Ivy. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
lucene locks index, tomcat has to stop and restart
Hi, I met with such a problem with lucene demo: Each time when I create lucene index, I have to first stop tomcat, and restart tomcat after the index is created. The reason is: the index is locked when using IndexReader.open(index) method in the jsp file. So, I tried to modify the jsp codes by adding close(), but it shows error which said close() is not a static method. I checked the source codes of lucene IndexReader methods, and found that the close() method is final not static. I tried to change it to static, but resulted in many errors. So, does anybody meet the similar problem as me? Do you have any solutions? Thank you very very much.!! Ivy. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to Secure my Passwd Info from server.xml file?
Thanks Doug and Tim for the input. -Original Message- From: Parsons Technical Services [mailto:[EMAIL PROTECTED] Sent: Saturday, March 27, 2004 11:04 AM To: Tomcat Users List Subject: Re: How to Secure my Passwd Info from server.xml file? Cathy and list, I have been running this one through my head and have a couple of hang-ups. Since in this case tomcat is acting as the client then the use of encrypted would only work if you unencrypt it to send it. If the hacker can read the server.xml then he has the access to the code that does the unencryption. Obstructification would help here but not be totally secure. As some of you know and others don't, the way an encrypted password work is this: When the password is set in the first place it is run through an algorithm that encrypts it. Then when you enter a password to access whatever the system then encrypts your input with the same algorithm and compares the results. If it matches then you in. Now since Tomcat is acting as a client, TOMCAT is SENDING the password attempt to be encrypted and compared. If it was a simple solution to unencrypt the password to send it, then the whole idea of encrypted password would be a waste in that everyone could simply unencrypt the password. The fundamental idea behind encrypted passwords is that they are very difficult to unencrypt. Most password crackers have a brute force sections which simply encrypts every possible combination of characters and does the compare. So the first line of defense is to prevent the person from getting to the file, as mentioned in other emails. If there are people that you do not trust with access to the protected files then your security policy has some major flaws in it. Locking the glovebox in a car is useless if you give the thief the keys to the ignition. And to ask it another way, do you lock the glovebox in your car just in case someone breaks in? So my point is lock the car first(protect the file). If they break in the car(hack the box/file), then you have much bigger problems than this password. If they have the key and you don't trust them, take away the key! The best place to put a password is in plain site. If you want a little trickery to mess with there mind the try this. Simply create a password that appears to be encrypted. As noted in an email on this thread from Tim Funk just security through obscurity. JSO97J6HH4VHT3FFC92K39K Now enter that as the password in the database. Most people looking at this will think it is encrypted and second would find it very hard to remember. For applications such as this, always use the maximum length of password and create it from random strokes. You don't have to remember it so it doesn't matter. Just my $0.02 worth. Sorry for the long rant, just had to get it off my chest. Doug - Original Message - From: Cathy Hui [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, March 26, 2004 5:16 PM Subject: RE: How to Secure my Passwd Info from server.xml file? I probably didn't state my question more clearly. What I actually want to encrypt is the dblogin passwd, not the user login to tomcat. Is there a way to do that? Thanks for the reply! Cathy -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Thursday, March 25, 2004 10:49 AM To: Tomcat Users List Subject: RE: How to Secure my Passwd Info from server.xml file? Hi, No, you have to write a custom realm for this. A couple of others have asked in the past, so you may wish to search the archives to see if they posted their solutions. If you come up with something nice and generic, it'd be a nice donation to tomcat ;) Yoav Shapira Millennium Research Informatics -Original Message- From: Cathy Hui [mailto:[EMAIL PROTECTED] Sent: Thursday, March 25, 2004 1:41 PM To: [EMAIL PROTECTED]; tomcat-user- [EMAIL PROTECTED]; [EMAIL PROTECTED]; tomcat- [EMAIL PROTECTED] Subject: How to Secure my Passwd Info from server.xml file? I am trying to solve a security issue with my webapp. We are using tomcat's connection pooling for our webapp. The database username and password be specified in the server.xml file (as shown below). Is there a way to encrypt the password, and tomcat should decrypt the password before establishing the database connection. We are trying to do this without changing the tomcat code itself. Is it a setting in tomocat, or is there a 3rd party software? Any suggestions/solutions are appreciated. Thanks Resource name=jdbc/iOQDB auth=Container type=javax.sql.DataSource/ ResourceParams name=jdbc/iOQDB parameter nameusername/name valuemyuser/value /parameter parameter namepassword/name valuemypassword/value /parameter /ResourceParams Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication
RE: How to Secure my Passwd Info from server.xml file?
I probably didn't state my question more clearly. What I actually want to encrypt is the dblogin passwd, not the user login to tomcat. Is there a way to do that? Thanks for the reply! Cathy -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Thursday, March 25, 2004 10:49 AM To: Tomcat Users List Subject: RE: How to Secure my Passwd Info from server.xml file? Hi, No, you have to write a custom realm for this. A couple of others have asked in the past, so you may wish to search the archives to see if they posted their solutions. If you come up with something nice and generic, it'd be a nice donation to tomcat ;) Yoav Shapira Millennium Research Informatics -Original Message- From: Cathy Hui [mailto:[EMAIL PROTECTED] Sent: Thursday, March 25, 2004 1:41 PM To: [EMAIL PROTECTED]; tomcat-user- [EMAIL PROTECTED]; [EMAIL PROTECTED]; tomcat- [EMAIL PROTECTED] Subject: How to Secure my Passwd Info from server.xml file? I am trying to solve a security issue with my webapp. We are using tomcat's connection pooling for our webapp. The database username and password be specified in the server.xml file (as shown below). Is there a way to encrypt the password, and tomcat should decrypt the password before establishing the database connection. We are trying to do this without changing the tomcat code itself. Is it a setting in tomocat, or is there a 3rd party software? Any suggestions/solutions are appreciated. Thanks Resource name=jdbc/iOQDB auth=Container type=javax.sql.DataSource/ ResourceParams name=jdbc/iOQDB parameter nameusername/name valuemyuser/value /parameter parameter namepassword/name valuemypassword/value /parameter /ResourceParams Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to Secure my Passwd Info from server.xml file?
I am trying to solve a security issue with my webapp. We are using tomcat's connection pooling for our webapp. The database username and password be specified in the server.xml file (as shown below). Is there a way to encrypt the password, and tomcat should decrypt the password before establishing the database connection. We are trying to do this without changing the tomcat code itself. Is it a setting in tomocat, or is there a 3rd party software? Any suggestions/solutions are appreciated. Thanks Resource name=jdbc/iOQDB auth=Container type=javax.sql.DataSource/ ResourceParams name=jdbc/iOQDB parameter nameusername/name valuemyuser/value /parameter parameter namepassword/name valuemypassword/value /parameter /ResourceParams Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat jitters, then hangs - please help
Hi folks, We encountered the same problem where tomcat on our linux box will hang occasionally after several days, and we have yet to find the cause of the problem. Looks like this might solve our problem :). Here is our configuration : OS : Redhat Tomcat : 4 JVM : IBM JDK1.4 I would like to know more about how should we go about configuring the LD_ASSUME_KERNEL. Please correct me if I am wrong. setenv LD_ASSUME_KERNEL 2.2.5 and that will do the trick? Does it depends on any kernel version? Besides that, we observed that some of the threads that tomcat started did not die after a few days, here is a snapshot of the tomcat processes (as an example): [say I started the tomcat at 19 October and today is 22 October, but there are still some threads running on 20 October] tomcat4 1554 1 0 Oct19 ? 00:00:19 /opt/IBMJava2-141/bin/java -Djav tomcat4 1587 1554 0 Oct19 ?00:00:00 /opt/IBMJava2-141/bin/java -Djav tomcat4 1588 1587 0 Oct19 ?00:00:00 /opt/IBMJava2-141/bin/java -Djav tomcat4 1589 1587 0 Oct19 ?00:00:00 /opt/IBMJava2-141/bin/java -Djav tomcat4 1590 1587 0 Oct19 ?00:00:00 /opt/IBMJava2-141/bin/java -Djav tomcat4 2071 1587 0 Oct19 ?00:00:00 /opt/IBMJava2-141/bin/java -Djav tomcat4 2072 1587 0 Oct19 ?00:00:00 /opt/IBMJava2-141/bin/java -Djav . tomcat4 2088 1587 0 Oct20 ?00:00:00 /opt/IBMJava2-141/bin/java -Djav tomcat4 2089 1587 0 Oct20 ?00:00:00 /opt/IBMJava2-141/bin/java -Djav I guess this might be the same issue here as well. Any comment would be much appreciated. Thanks. Regards, Hui - Original Message - From: Francois JEANMOUGIN [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 12:45 AM Subject: RE: tomcat jitters, then hangs - please help Hi, LD_ASSUME_KERNEL Problem: Tomcat Server becomes unresponsive to new requests after several hours, regardless of load. OS RH9; Tomcat 4 or 5; VM Sun or IBM (JDK 1.4) Solve: (tcsh): setenv LD_ASSUME_KERNEL 2.2.5 [...] Q: would the assume kernel 2.4 work as well ? I believe it would, but it could be worth confirming it eventually. This is not critical, obviously. I understood LD_ASSUME_KERNEL is controlling the way the libpthread interact with both the kernel and the applications. I saw lot of things written about this supposed-to-be improved lib from RedHat but the optimizations doesn't seem to be usable by those popular Jvm. François. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Installing tomcat on Win98 2nd Ed.
Hi, I am a new tomcat user and I wanted to install both Tomcat and Apache server on my Windows 98 2nd edition OS. Right now i am having trouble installing the server. When I try to install the Apache setup file apache_1.3.20-win32-src-r2.msi there will be a warning message saying that i need a newer version of the Windows Install Service. When i try to unzip the jakarta-tomcat-3.1.1.zip on the C: drive, it gave me an error saying that I don't have the access rights to the drive or something. Does anybody know what these errors are all about? And does anybody have any recommendations on what versions of the servers is best on Win 98? And anything (requirements) I need to know when i install the above servers onto my computer? I am a new user of tomcat-apache so any info will help. Thanks. Marcus __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/
RE: apache + tomcat + virtual hosts
Connie, Your default server and virtual server are using the SAME IP AND SAME PORT no., right ? What did you put in the NameVirtualHost ? should be the IP of the default server, right ? According to the documentation, you have to set the IP to either way ( not 100% sure, but I read before ) But, why don't you put your default sever into the virtual host too ?? If it can be only recognize by the NAME the client enter in the browser. Another solution is you are going to set another IP for all virtual host, but it involves modifying the DNS entries. Jack -Original Message- From: Connie Chan [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 9:25 PM To: [EMAIL PROTECTED] Subject: apache + tomcat + virtual hosts Hi, Currently, I'm using apache with tomcat. I have set up the server such that it serves a default web server, ssl server (being set up as a virtual host with using port 443), and a virtual host (with using port 80). But the document root for default web server and virtual host is mixed up. My virtual host and default web server are using the same IP address. When I type the default web server, the welcome file for virtual host displays. When I type the virtual host, the welcome file for the virtual host displays as well. However, if I specify port 8080 (the HTTP port for tomcat) in the url (for testing tomcat only without going thru apache), the default web url would display the correct welcome page. In my httpd.conf, I have declared DocumentRoot d:/jakarta-tomcat/webapps/myapp AND VirtualHost dev.mycomp.com:80 ServerName vh1.mycomp.com DocumentRoot d:/jakarta-tomcat/webapps/vh1 JkMount /*.jsp ajp12 JkMount /servlet/* ajp12 JkMount /email/* ajp12 Directory d:/jakarta-tomcat/webapps/vh1/META-INF/ AllowOverride None deny from all /Directory Directory d:/jakarta-tomcat/webapps/vh1/WEB-INF/ AllowOverride None deny from all /Directory /VirtualHost Do I miss anything? Thanks, Connie
RE: IIS Redirect - no more POST parameters
I got the same problem too but I'm using Apache and Tomcat 4 beta-1 with mod_web, so for the form stuff, we changed to use PHP instead of JSP Jack -Original Message- From: Stephen Oakes [mailto:[EMAIL PROTECTED]] Sent: Monday, May 14, 2001 7:35 AM To: '[EMAIL PROTECTED]' Subject: RE: IIS Redirect - no more POST parameters Servlets that we have been running on Tomcat have been picking up parameters from doPost whilst it was referenced by specific port. Having now re-configured IIS to redirect to Tomcat it seems that the parameters are not being passed through? Have you tried rebooting the server running IIS? It worked for me, for some strange reason. -- Stephen Oakes
Problem on tomcat-apache connection
I tried to use Tomcat 4.0 b3 with apache 1.3.12-25 on RedHat 7.0 box I couldn't compile the source of Tomcat4.0-b3, so i used the RPM's to install, then I used the mod_webapp.so from 4.0 milestone 5 with the beta 3 However, i got the error [warn] Loaded DSO modules/mod_webapp.so uses plain Ap ache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) But I'm not able to recompile the module. Does anyone have the mod_webapp.so work with RH7.0 and apache ??? Can you send to you to [EMAIL PROTECTED] ?? Thank you very much
Weired Result
I wanna use apache 1.3 with tomcat 4.0-b3, but i was unable to compile the mod_webapp.so, so i used the source tree of 4.0-b3 to compile the mod_webapp.so , and successfully put into map the path /examples to tomcat /examples However, I can only view HTML files ( eg. http://www.mysite.com/examples/jsp/index.html ), not the JSP files, I clicked the links of JSP files, it gives me BLANK pages without any error. It seems the result of execution of JSP hasn't wired to Apache. Anyone can help me ??? in urgent .. thanks
How to compile jsp with debugging information with 4.0
Title: How to compile jsp with debugging information with 4.0 Hi, all, I would like to debug the class file generated by Tomcat 4.0 B3. However, the class file generated with default configuration doesn't have debug information in it. I am wondering if somebody could tell me how to compile jsp with debugging information. I am assuming there should be a config flag, but couldn't find a clue in the documentation. Can anyone give me direction on this? Thank in advance. Hui
Re: java.lang.ClassCastException
Date: Thu, 07 Dec 2000 08:20:47 + To: [EMAIL PROTECTED] From: "Jon Skeet" [EMAIL PROTECTED] Subject: Re: java.lang.ClassCastException Message-ID: [EMAIL PROTECTED] This an intermitten problem that crops up once in a while. A java object SearchResult is put into the Session object by servlet1 and taken out by servlet2 which type cast it back to (SearchResult), if it's not null. Ocassionally, servlet2 will throw java.lang.ClassCastException. However, the object retrieved is not null and it IS the correct casting. Is it perhaps due to a new classloader being used? Does this happen when the servlet is recompiled half way through the operation? Jon No, the servlet it not compiled in the server. It's compiled on my PC and uploaded. However, thanks for the tip. I can reproduce the error consistently now. It happens whenever my colleague or I uploaded servlet1 or servlet2 and the servlet reloads. I have stop/start tomcat to get rid of the exception. Presumably it forces tomcat to reload all the classes, not just the servlet in question. Funny thing is, the changes to servlet1/2 is trivial (e.g. add another statement "System.err.println();") and not related to the type casting/usage of the SearchResult class/object. Even the SearchResult class/object remains the same. Is this what you mean by new classloader being used? Well, at least I know what to look out for. Spent half a day wondering what went wrong with the servlets ... Thanks again. Cathy
java.lang.ClassCastException
Hi, This an intermitten problem that crops up once in a while. A java object SearchResult is put into the Session object by servlet1 and taken out by servlet2 which type cast it back to (SearchResult), if it's not null. Ocassionally, servlet2 will throw java.lang.ClassCastException. However, the object retrieved is not null and it IS the correct casting. Did anyone encounter this before? Is there anything I might have overlooked? Thanks. Cathy