Re: Tomcat (catalina.jar) Security Question

On 06/05/2021 14:09, Robert Hicks wrote: We are getting evaluated and one of the items that I need to do is change the "ServerInfo.properties" in the catalina.jar to set "server.info" and "server.version" to nonsense (really). I have the following Valve setup as well: At what point would the

Tomcat (catalina.jar) Security Question

We are getting evaluated and one of the items that I need to do is change the "ServerInfo.properties" in the catalina.jar to set "server.info" and "server.version" to nonsense (really). I have the following Valve setup as well: At what point would the "ServerInfo.properties" actually show a

Re: Security question

2017-05-11 17:21 GMT+03:00 Pesonen, Harri : > > Hello, > > the following lists Tomcat versions 8.5.0 – 8.5.12, does it mean that the problem has been fixed in 8.5.13 and later? yes http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.13 Regards, Violeta > >

Security question

Hello, the following lists Tomcat versions 8.5.0 - 8.5.12, does it mean that the problem has been fixed in 8.5.13 and later? https://nvd.nist.gov/vuln/detail/CVE-2017-5651 I assume that it has been fixed, as 8.5.13 readme has: * [Fix:]

Re: Security question about Multiple instances of Tomcat running as non-admin users on a single box

: Guy Pontecorvo [mailto:guy.ponteco...@pearson.com] Sent: Friday, January 21, 2011 11:56 AM To: users@tomcat.apache.org Subject: Security question about Multiple instances of Tomcat running as non-admin users on a single box We currently run multiple instances of tomcat Version 6.0.20, each

Re: Security question about Multiple instances of Tomcat running as non-admin users on a single box

Hi, On 25 January 2011 18:00, Guy Pontecorvo guy.ponteco...@pearson.com wrote: We run as many as 15 apps on a single xServe box. The corresponding Oracle 10g databases run on a separate server. Everything is automated. Start up, shutdown, updates etc. are scripted and executed using sudo.

Re: Security question about Multiple instances of Tomcat running as non-admin users on a single box

- From: Guy Pontecorvo [mailto:guy.ponteco...@pearson.com] Sent: Friday, January 21, 2011 11:56 AM To: users@tomcat.apache.org Subject: Security question about Multiple instances of Tomcat running as non-admin users on a single box We currently run multiple instances of tomcat Version

Re: Security question about Multiple instances of Tomcat running as non-admin users on a single box

Guy Pontecorvo schrieb am 21.01.2011 um 09:56 (-0800): We currently run multiple instances of tomcat Version 6.0.20, each in its own non-admin user account under Mac OSX 10.5. This has been a great way to host multiple web applications (student information systems) on a single box. Each app

Re: Security question about Multiple instances of Tomcat running as non-admin users on a single box

On 1/21/11 5:56 PM, Guy Pontecorvo wrote: Because Xserve is being discontinued we are considering the possibility of migrating our environment to Windows 2008 R2 The JDK tools have a few more small functions on *nix than Windows - small but rather useful. This IMHO, is one key reason to stick

Security question about Multiple instances of Tomcat running as non-admin users on a single box

We currently run multiple instances of tomcat Version 6.0.20, each in its own non-admin user account under Mac OSX 10.5. This has been a great way to host multiple web applications (student information systems) on a single box. Each app is secure in its own user account space and can't read or

RE: Security question about Multiple instances of Tomcat running as non-admin users on a single box

it the way you do now. It's called a pilot program. Jeff -Original Message- From: Guy Pontecorvo [mailto:guy.ponteco...@pearson.com] Sent: Friday, January 21, 2011 11:56 AM To: users@tomcat.apache.org Subject: Security question about Multiple instances of Tomcat running as non

Security question - starting tomcat as non-root user

Hi, I'm running Tomcat 5.5.20 with an application built under Netbeans 5.5. The application works fine. I've found a number of things on the web regarding the issue of running as a non-root user, but none match my needs exactly. If someone could point me at the right documentation, or answer

Re: Security question - starting tomcat as non-root user

On 4/11/07, Neil B. Cohen [EMAIL PROTECTED] wrote: Situation - I am installing tomcat and running it on port 8080. However, it is currently being started by the root user and I need to change that. If I just run the startup script as user 'foo', I get errors because it can't read various

Re: Security question - starting tomcat as non-root user

I didn't realize it could be that simple :) Thanks very much - I will give that a try... Much obliged, nbc On Wed, 2007-04-11 at 07:59 -0700, Hassan Schroeder wrote: On 4/11/07, Neil B. Cohen [EMAIL PROTECTED] wrote: Situation - I am installing tomcat and running it on port 8080.

Re: Security question - starting tomcat as non-root user

Did you try running tomcat with JSVC. It'll run it as a deamon with the user privileges of your choicde On 4/11/07, Neil B. Cohen [EMAIL PROTECTED] wrote: I didn't realize it could be that simple :) Thanks very much - I will give that a try... Much obliged, nbc On Wed, 2007-04-11 at

Re: security question for this group

Prabhat Kumar (IT) wrote: I am trying to figure out how to prevent a situation where a user has a runaway page that is a super user page (and unauthorized). The page has a text area that takes an SQL query and executes this on the applications database. My question is, how can such

security question for this group

I am trying to figure out how to prevent a situation where a user has a runaway page that is a super user page (and unauthorized). The page has a text area that takes an SQL query and executes this on the applications database. My question is, how can such unauthorized tasks be prevented in