I have a _possible_ bug involving security in Tomcat 5.0.28. I dont see it in
the bug database, although it may be described in a way that I didnt search for.
I would prefer to send it privately in case its real. If thats not feasible, I
will post it here. Or is there a way to put
John Caron wrote:
I have a _possible_ bug involving security in Tomcat 5.0.28. I dont see
it in the bug database, although it may be described in a way that I
didnt search for.
I would prefer to send it privately in case its real. If thats not
feasible, I will post it here. Or is there a way
permissions to all jars webapps on my tomcat. So guessed, giving these
permissions only to $JAVA_HOME jars (lib, lib/ext) and tomcat jars
(common,server,bin) should have the same result - but no I got a security
excpetion:
access: access denied (javax.management.MBeanPermission
From: Tracy Spratt [mailto:[EMAIL PROTECTED]
Subject: Can the Tomcat authentication module use an ASP.NET
security token?
I have a Tomcat app (MM Flex app) that is called from an asp.net
application which is secured by forms (cookie-based) authentication.
(NOT NTLM / Windows Integrated
I have a Tomcat app (MM Flex app) that is called from an asp.net
application which is secured by forms (cookie-based) authentication.
(NOT NTLM / Windows Integrated)
I don't want the user to have to log in again.
I have a programmatic solution in mind, but it is going to be
comparitively ugly.
.
If I run tomcat without security manager everything works well.
If I run tomcat with security manager, monitoring the tomcat mbeans works well
- but jconsoles memory view doensn't work!
Sun's doc says: If your application runs a security manager, then additional
permissions are required
I like to monitor my tomcat 5.5 (running on jdk 1.5.0) with jconsole.
If I run tomcat without security manager everything works well.
If I run tomcat with security manager, monitoring the tomcat mbeans works well
- but jconsoles memory view doensn't work!
Sun's doc says: If your application runs
All:
Is it possible to start Tomcat w/ the security manager enabled if I were
to use the Tomcat Web Application Manager?
--
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
When trying a recently unpacked 5.5.11, started with -security, I get an
exception the first time I try to check the root index.jsp.
Anyone know what I am doing wrong?
Cheers,
-- Gunnar Brading
SEVERE: Servlet.service() for servlet org.apache.jsp.index_jsp threw
exception
The IBM platform has a unique capability to create a thread level
security environment.
I have an application requirement to do so.. I can invoke the necessary
function using JNI.
Someone has suggested to me that using the technique of a Custome Valve
would enable me to implement
i have this in my ${CATALINA_HOME}/webapps/ROOT/WEB-INF/web.xml:
login-config
auth-methodFORM/auth-method
realm-nameqrm/realm-name
form-login-config
form-login-page/login/login.do?type=attempt/form-login-page
I am running tomcat on z/OS using JZOS.
I would like to create a thread security context thru jni using
pthread_security_np().
I have the following questions:
1) Does tomcat create a thread when it processes a client request ??
2) Can tomcat create a session where one thread processes all
By the lack of response to my question, I take it that it is not possible to
override the following web.xml settings by redefining them in Tomcats
server.xml
security-constraint
login-config
security-role
Any changes to those values must be made after
the following web.xml settings by redefining them in Tomcat’s
server.xml
security-constraint
login-config
security-role
Any changes to those values must be made after the application has been
deployed by editing the deployed web.xml. Is that correct? There is now
way
WAR file security settings.
I can confirm that you can't override these web.xml settings in server.xml
It should be simple enough in Ant to generate two .war files that only
differ by the web.xml file
Mark
Jim Henderson wrote:
By the lack of response to my question, I take
I am working on a web application that can be used in two ways at the same
time depending on its URL. The original WAR file has a web.xml that defines
tight security requiring form authentication with id and password.
In Tomcats server.xml I have two Contexts with different paths
I have been setting up BASIC security realms to limit partial site access to
authorised users. The security/privacy is not too great, I just want to
stop casual browser access.
All works fine, with normal browser access causing the pop-up window
requesting user name and password.
However
Please respond to
Tomcat Users List tomcat-user@jakarta.apache.org
To
Tomcat Users List tomcat-user@jakarta.apache.org
cc
Subject
Re: Security Questions Regarding Tomcat
This sounds really fishy. Tomcat does not by default have any
connectors configured for port 80. There must be another
tomcat-user@jakarta.apache.org
cc
Subject
Re: Security Questions Regarding Tomcat
This sounds really fishy. Tomcat does not by default have any
connectors configured for port 80. There must be another service or
you've modified your server.xml somehow.
--David
Robert V. Coward/CTR/OSAGWI wrote
tomcat-user@jakarta.apache.org
cc
Subject
Re: Security Questions Regarding Tomcat
But it's also commented out and not active. It's there as an example of
a proxied port if you happen to be using Apache and mod_rewrite as a
front end to tomcat.
--David
Robert V. Coward/CTR/OSAGWI wrote:
Hmmm
Robert V. Coward/CTR/OSAGWI wrote:
Hmmm. Well take a look at this entry from the server.xml file:
!-- Define a Proxied HTTP/1.1 Connector on port 8082 --
!-- See proxy documentation for more information about using this.
--
!--
Connector port=8082
maxThreads=150
Users List tomcat-user@jakarta.apache.org
cc
Subject
Re: Security Questions Regarding Tomcat
Robert V. Coward/CTR/OSAGWI wrote:
Hmmm. Well take a look at this entry from the server.xml file:
!-- Define a Proxied HTTP/1.1 Connector on port 8082 --
!-- See proxy documentation
Robert V. Coward/CTR/OSAGWI wrote:
Understood. But I do not want to use Tomcat proxying services. I just want
to host 8080 locally and let my ipfilter firewall block and proxy for me.
Then the default Tomcat configuration of listening on port 8080 is
just what you need. I highly recommend
To
Tomcat Users List tomcat-user@jakarta.apache.org
cc
Subject
Re: Security Questions Regarding Tomcat
Robert V. Coward/CTR/OSAGWI wrote:
Understood. But I do not want to use Tomcat proxying services. I just
want
to host 8080 locally and let my ipfilter firewall block and proxy for
me
PROTECTED]
08/15/2005 10:30 AM
Please respond to
Tomcat Users List tomcat-user@jakarta.apache.org
To
Tomcat Users List tomcat-user@jakarta.apache.org
cc
Subject
Re: Security Questions Regarding Tomcat
Robert V. Coward/CTR/OSAGWI wrote:
Understood. But I do not want to use Tomcat proxying
cc
Subject
Re: Security Questions Regarding Tomcat
Regardless of what you put up in front of tomcat to act as the proxy
host, you'll most likely need the proxyPort and proxyName attributes in
your connector so tomcat can write urls correctly as needed (like in
sending external redirects). I
OK, this is correct! Sorry, but I also thing that we must
have a secretKey and a restricted IP list to register inside cluster I
want implement this
inside the next release. But currenly the cluster message are not
crypted and when clients can connect
to your network your go in trouble. At
When using tomcat clusters on an untrusted subnet or using a routable
multicast address, i see the potential for a rogue tomcat instance to
join a cluster in order to hijack session information. This doesn't
seem to be cured by any firewalling of incoming connections to the
valid servers, as,
-Original Message-
From: Alon Belman [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 11, 2005 4:20 PM
To: Tomcat Users List
Subject: Re: Security Questions Regarding Tomcat
copied share to meb/robo
laters!
On 8/11/05, LFM [EMAIL PROTECTED] wrote:
Tim,
Thanks for the reply, but I can't get
-below-1000 rule is an
ill considered security kludge which has probably
caused more trouble than it has circumvented)
You could redirect port 443 to 8443 (and 80 to 8080)
either in an external firewall/router or in iptables
within your server, then start Tomcat as e.g. tomcat
on its usual ports
Alon Belman [EMAIL PROTECTED]
Subject
Re: Security Questions Regarding Tomcat
Harrell, Ralph wrote:
I would like to be able to start TOMCAT as a non-root
user but am unable to as we are running SSL and use
port 443 and non-root users do not have the permission
to use ports under 1000
Robert V. Coward/CTR/OSAGWI wrote:
Apparently T5 comes with a port 80 proxy server a special servlet
container or something. Basically I have ipfilter running and only allow
access to port 8080, but if you send a request to 80 tTomcat picks up and
does some sort of internal redirect to port
ports under 1000.
Ralph B. Harrell
UNC Charlotte
Manager, Oracle Database Administration
[EMAIL PROTECTED]
(704) 687-2951
-Original Message-
From: Alon Belman [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 11, 2005 4:20 PM
To: Tomcat Users List
Subject: Re: Security Questions Regarding
port 8080 access to
the web.
Thanks
Paul Singleton [EMAIL PROTECTED]
08/12/2005 10:08 AM
Please respond to
Tomcat Users List tomcat-user@jakarta.apache.org
To
Tomcat Users List tomcat-user@jakarta.apache.org
cc
Alon Belman [EMAIL PROTECTED]
Subject
Re: Security Questions Regarding Tomcat
(all?) Unix variants, anyway.
(FWIW I think this root-only-below-1000 rule is an
ill considered security kludge which has probably
caused more trouble than it has circumvented)
You could redirect port 443 to 8443 (and 80 to 8080)
either in an external firewall/router or in iptables
within
Hello all,
I'm ready to pull my hair out getting the security constraint to work.
Basically, I need to forward all traffic except one directory to the https
port. I've got it to work if I use the url-pattern of /*. However, when I
specify the patterns to accomplish the task, nothing matches
Tim, list:
Where can I find documentation regarding limting HTTP methods using
security-constraints?
All I was able to do was requiere authentication in order to use some HTTP
methods but I would like to limit them like it can be donde with the
directive Limit in Apache.
I will also appreciate
Leandro Meiners wrote:
Where can I find documentation regarding limting HTTP methods using
security-constraints?
The Security section of the Servlet 2.4 Spec (SRV.12) has some good
examples -- highly recommended :-)
FWIW!
--
Hassan Schroeder - [EMAIL PROTECTED
Hi!
I'm hardening a Web Server running Tomcat for a client, but I'm having
difficulty in finding information on how to accomplish the following
tasks (bored of googling so I decided to ask here):
1. Remove/modify the banner presented by the coyote connector on the
server header of an http reply.
The Server header can be configured in the Connector declaration.
server='Sun Solaris IIS/6.0'
To limit the HTTP methods this can be done a few ways;
1) Use a servlet filter
2) Use web.xml and security constraints on those method types
3) ???
-Tim
LFM wrote:
Hi!
I'm hardening a Web Server
the HTTP methods this can be done a few ways;
1) Use a servlet filter
2) Use web.xml and security constraints on those method types
3) ???
-Tim
LFM wrote:
Hi!
I'm hardening a Web Server running Tomcat for a client, but I'm having
difficulty in finding information on how
:
The Server header can be configured in the Connector declaration.
server='Sun Solaris IIS/6.0'
To limit the HTTP methods this can be done a few ways;
1) Use a servlet filter
2) Use web.xml and security constraints on those method types
3) ???
-Tim
LFM wrote:
Hi!
I'm
in the Connector declaration.
server='Sun Solaris IIS/6.0'
To limit the HTTP methods this can be done a few ways;
1) Use a servlet filter
2) Use web.xml and security constraints on those method types
3) ???
-Tim
LFM wrote:
Hi!
I'm hardening a Web Server running Tomcat for a client, but I'm having
Hello all
I have a question, if you setup your own security in Tomcat by using your own
policy, is there anyway to modify this policy during runtime, without
restarting
tomcat itself? Is there any Java API you can use to modify the security manager
during run time?
Thanking you in advance
Hi everybody
I have a problem about tomcat security
One of my friend wrote a single code and he can travel every folder on
server
I wonder is there any config file for jakarta for disabiling access instead
of his folder
Maybe you know on php there was a security settings on php.ini
Yes. There is the catalina.policy file in the conf/ directory. See
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/security-manager-howto.html
for details.
Ben Ricker
On 8/9/05, Cengiz Yazgan [EMAIL PROTECTED] wrote:
Hi everybody
I have a problem about tomcat security
One of my friend
List
Subject: Re: tomcat security
Yes. There is the catalina.policy file in the conf/ directory. See
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/security-manager-howto.html
for details.
Ben Ricker
On 8/9/05, Cengiz Yazgan [EMAIL PROTECTED] wrote:
Hi everybody
I have a problem about tomcat
hi all,
we are having a problem with our Tomcat 5.5.9 cluster. We run 2 Tomcat
instances on physically different machines. For security we use normal
container managed security, configured in the web.xml. Session replication
works fine, and session id's are same across the two instances. We only
Am Dienstag, 19. Juli 2005 23:55 schrieb Ralf Schneider:
Hi,
I have some problems when turning the security manager of Tomcat 5.5.9 on.
When I load a JSP that has to be compiled after being changed I get a
strange exception:
ERROR [19.07.2005 23:30:45] (ApplicationDispatcher.java:704
maybe you must include web-app_2_3_2.dtd in your WEB-INF directory, and then
reload it ?
On 7/31/05, Ralf Schneider [EMAIL PROTECTED] wrote:
Am Dienstag, 19. Juli 2005 23:55 schrieb Ralf Schneider:
Hi,
I have some problems when turning the security manager of Tomcat 5.5.9on.
When I
Hi All,
Cookie information goes to the server in a clear text I think. I don't
know it can be
configured to send as a cypher text.
When it goes in the network to browser, If not ssl enabled,
Cookie;Jsessionid;value can be seen through Ethereal and also copied, If
anybody tries with
Simple solution: use SSL for all pages that have a session. AFAIK there's no
way to keep a session secure without it all being over SSL.
So the login process must be over SSL, and then everything until log-out should
be over SSL also (I'm making the assumption that you're only using sessions
Hi All,
Forgive me if this question is answered elsewhere but I've had no joy so
far.
I have created a servlet that uses RMI to communicate with my application
server. This works great if I start Tomcat from the command line thus:
catalina run -security
However, I cannot find how
Hi,
I have some problems when turning the security manager of Tomcat 5.5.9 on.
When I load a JSP that has to be compiled after being changed I get a strange
exception:
ERROR [19.07.2005 23:30:45] (ApplicationDispatcher.java:704) -
Servlet.service() for servlet jsp threw exception
Thanks Mark. I agree, but they are the security people and I have to at least
try to comply. Do you think it would be feasible for us to change the
org.apache.catalina.authenticator.AuthenticatorBase for Tomcat 4.1.18 to change
the session ID post logging in? We'd obviously have to recompile
The problem you describe is true of any session tracking system running
over http. The solution is to use https.
However, here's a question to fire back at your security team:
If you are worried about an attacker physically looking at a session ID
on a user's screen, what about if they decide
The short answers are:
1. No
2. No
The longer answer is:
This is categorically *not* a security issue with Tomcat. I have tested
this and Tomcat continues to operate correctly after a request with a
very long host header. This looks to me like an issue with your daemon.
And a few tips
Thanks a lot for your reply. We'll see if we can persuade our security guys to
drop this issue.
Kind regards,
Alex.
-Original Message-
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Monday, 18 July 2005 2:50 AM
To: Tomcat Users List
Subject: Re: Tomcat security realms question
Hi all
I have a problem that's been raised by my security team to do with using
Tomcat JDBCRealms. We're using such realms to protect restricted resources. We
also have a custom login form. The steps Tomcat seems to follow when using such
a setup is:
1. Check to see if the user
When using tomcat clusters on an untrusted subnet or using a routable
multicast address, i see the potential for a rogue tomcat instance to
join a cluster in order to hijack session information. This doesn't
seem to be cured
by any firewalling of incoming connections to the valid servers, as,
Hi,
We are using Tomcat 4.0.4 in our product. We have a daemon which is a wrapper
around the tomcat.
We are facing one security issue with the Tomcat. If we send a HTTP packet with
a long string in the Host field, it closes the connection.
EX:
telnet machine port on which tomcat is running
, when I turned on security-constraint,my
images would show up for a split second then they would disappear. The
spots where they should be would not even work as a link like they are
setup to be. If you use Firefox it works fine. It works fine being
served up on a windows XP pc with tomcat 5.0.30
: 04 July 2005 20:13
To: Tomcat Users List
Subject: Re: Webapp security by IP range
Cope, Jared wrote:
I was wondering if it is possible to apply some webapp security that will
kick in for connections made from a certain IP range, and will not kick in
for another set of IP ranges.
How about
Hi,
I was wondering if it is possible to apply some webapp security that will
kick in for connections made from a certain IP range, and will not kick in
for another set of IP ranges.
The scenario is that I want users on our Intranet subnet to not have to
authenticate, but if users visit the site
Cope, Jared wrote:
I was wondering if it is possible to apply some webapp security that will
kick in for connections made from a certain IP range, and will not kick in
for another set of IP ranges.
How about:
- deploy the app twice under different contexts
- use a remote address filter valve
Configuation
--
Tommat 5.5.2
Windows XP
JDK 1.5
Requirement
--
I have a Security realm Authentication ready for a Web
Application linking to a Database. When the user sign
ups the form then he has to login into the application
through the signup form instead of directly
sense.
If Tomcat is bypassed by Apache for static content, how should it
handle security for these requests.
Edao, Aliye schrieb:
Hi,
Why don`t you use Apache to protect your static contents??
You might want to use .htaccess ??
http://www.csoft.net/docs/micro/htaccess.html.en
how do you authenticate ? basic ? form based ?
- Original Message -
From: Torsten Rmer [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Sent: Thursday, June 16, 2005 11:42 PM
Subject: Container Managed Security and mod_jk/Static Contents
Hello!
In order
Subject: Container Managed Security and mod_jk/Static Contents
Hello!
In order to improve performance for static contents I have setup Apache
with mod_jk. Now only Struts' *.do requests are served by Tomcat, the
rest is done by Apache. Works fine.
Now I want to restrict access to some resources
Hello!
In order to improve performance for static contents I have setup Apache
with mod_jk. Now only Struts' *.do requests are served by Tomcat, the
rest is done by Apache. Works fine.
Now I want to restrict access to some resources using using container
managed security. That also works fine
: Torsten Rmer [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 17. Juni 2005 00:42
An: Tomcat Users List
Betreff: Container Managed Security and mod_jk/Static Contents
Hello!
In order to improve performance for static contents I have setup Apache
with mod_jk. Now only Struts' *.do requests are served
(not under ROOT any
more) and the web.xml file in the WEB-INF subdirectory has been set up
to use the correct path. I also included the security-role element Frank
mentioned below.
The web-app portion of web.xml looks like this:
web-app xmlns=http://java.sun.com/xml/ns/j2ee;
xmlns:xsi=http://www.w3
and error.jsp to a subdirectory, maybe /Simple_JSP/content
or something, then of course update the security constraint to constrain
that new directory.
Actually, one other thing... the references to the login form and the
login error page in the login-config element I believe are relative
See my comments/questions below.
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 15, 2005 11:37 AM
To: tomcat-user@jakarta.apache.org
Subject: RE: Help/Examples setting up security settings2
Although I don't think this is the source of your
Let's try that again so that you can see it.
See my comments/questions below.
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 15, 2005 11:37 AM
To: tomcat-user@jakarta.apache.org
Subject: RE: Help/Examples setting up security settings2
Although I
. That is a good idea. Didn't think it would matter much for such a
simple test.
Not a problem, we all go through a learning phase :) I'm not sure it
would matter either frankly, but it seems like it might... if you
request environment.jsp, the security intercept happens and tries to
redirect to login.jsp
on you
login/error pages...
Øyvind
-Opprinnelig melding-
Fra: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sendt: 15. juni 2005 17:37
Til: tomcat-user@jakarta.apache.org
Emne: RE: Help/Examples setting up security settings2
Although I don't think this is the source of your problem
on you
login/error pages...
Øyvind
-Opprinnelig melding-
Fra: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sendt: 15. juni 2005 17:37
Til: tomcat-user@jakarta.apache.org
Emne: RE: Help/Examples setting up security settings2
Although I don't think this is the source of your problem
and error.jsp to a subdirectory, maybe /Simple_JSP/content
or something, then of course update the security constraint to constrain
that new directory.
Actually, one other thing... the references to the login form and the
login error page in the login-config element I believe are relative
and error.jsp to a subdirectory, maybe /Simple_JSP/content
or something, then of course update the security constraint to constrain
that new directory.
Actually, one other thing... the references to the login form and the
login error page in the login-config element I believe are relative
Hello,
In a security-contraint section of my web.xml, i'll like to state that any
authentified user is allowed to access, no matter his role. I search the net
and found suggestion about using
auth-constraint
role-name*/role-name
/auth-constraint
or
auth
form-error-page/SPID_JSP/login_error.html/form-error-page
/login-config
security-constraint
web-resource-collection
web-resource-nameSPID JSP
Test/web-resource-name
url-pattern/SPID_JSP/*/url-pattern
page will be returned to them
automatically.
That part usually confuses people at first (I think it did me too for a
few minutes when I first dealt with this). Just remember, it's an
intercept-based security mechanism... when the user tries to hit a
protected resource, the request is intercepted
/login_error.html/form-error-page
/form-login-config
/login-config
security-constraint
web-resource-collection
web-resource-nameSPID JSP
Test/web-resource-name
Gagnon, Joseph M (US SSA) wrote:
snip
2. I have placed a WEB-INF directory under my test application
directory ([tomcat install dir]/webapps/ROOT/SPID_JSP) and put a web.xml
file in it. (SPID_JSP is where the JSP and HTML files reside.)
snip
You will need to fix this before anything
other thing I see is you are missing security role definitions in
your web.xml. You'll want to add something like this:
security-role
descriptionspid_jsp/description
role-namespid_jsp/role-name
/security-role
The role-name element maps to the role you created in tomcat-users.xml
Hello,
Does anyone have any examples of how to set up my deployment descriptor
(web.xml in Tomcat 5.5.9) to do BASIC authentication (of any of the
other methods, for that matter)?
I've looked at various sources of information on the web (including some
of Sun's sites), but have not yet found
Having just spent a couple of weeks integrating a new security framework
into an existing app, a framework that works in concert with J2EE
security, let me see if I can help... Hang on, this is going to be a long
post!...
J2EE security (I *thimk* that's what it's called this week!) works
From: Frank W. Zammetti [mailto:[EMAIL PROTECTED]
Subject: Re: Help/Examples setting up security settings
Having just spent a couple of weeks integrating a new
security framework into an existing app, a framework
that works in concert with J2EE security, let me see
if I can help
happy to do so. :)
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
On Mon, June 13, 2005 3:45 pm, Caldarale, Charles R said:
From: Frank W. Zammetti [mailto:[EMAIL PROTECTED]
Subject: Re: Help/Examples setting up security settings
Having just
null. After reading in
the JSP and Java servlet specifications, I see that this call would
return null if the user is not authenticated. Reading further, I get
the impression that by default, no authentication is needed to access
resources. If a security mechanism is specified in the deployment
From: Gagnon, Joseph M (US SSA)
[mailto:[EMAIL PROTECTED]
Subject: Problem with security?
I have a situation where I want to be able to provide user access
to an application by determining the identity of the requesting
user, without them having to go through a login procedure.
Those seem
From: Gagnon, Joseph M (US SSA)
I have a situation where I want to be able to provide user
access to an
application by determining the identity of the requesting
user, without
them having to go through a login procedure.
OK. So what identity can the browser present that you wish to
so, I keep getting null. After reading in
the JSP and Java servlet specifications, I see that this call would
return null if the user is not authenticated. Reading further, I get
the impression that by default, no authentication is needed to access
resources. If a security mechanism
I believe I've covered that all in my original message. Read further.
-Original Message-
From: egan0019 [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 10:10 AM
To: Tomcat Users List
Subject: Re: Problem with security?
Look into the ServletRequest interface. That interface
M (US SSA) [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 8:43 AM
To: Tomcat Users List
Subject: RE: Problem with security?
I believe I've covered that all in my original message. Read further.
-Original Message-
From: egan0019 [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10
me know.
-Original Message-
From: Robert Harper [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 10:59 AM
To: 'Tomcat Users List'
Subject: RE: Problem with security?
I think you have missed the point that you cannot get user information
unless the user authenticates. You don't want
9:19 AM
To: Tomcat Users List
Subject: RE: Problem with security?
Did I not say that I'm new to this?
I made no mention to whether or not I was trying to make it secure.
This is only meant to be used within my company's intranet and my
intention was to take the user account and then compare
in mind I'm
new at this), please let me know.
-Original Message-
From: Robert Harper [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 10:59 AM
To: 'Tomcat Users List'
Subject: RE: Problem with security?
I think you have missed the point that you cannot get user information
I'm
new at this), please let me know.
-Original Message-
From: Robert Harper [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 10:59 AM
To: 'Tomcat Users List'
Subject: RE: Problem with security?
--
Robert r. Sanders
Chief Technologist
iPOV
(334) 821-5412
1 - 100 of 1624 matches
Mail list logo