-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ognjen,
On 11/25/13, 7:27 AM, Ognjen Blagojevic wrote: > Current 401 page for Manager application says something like: > > ==== You are not authorized to view this page. If you have not > changed any configuration files, please examine the file > conf/tomcat-users.xml in your installation. That file must contain > the credentials to let you use this webapp. > > For example, to add the manager-gui role to a user named tomcat > with a password of s3cret, add the following to the config file > listed above. > > <role rolename="manager-gui"/> <user username="tomcat" > password="s3cret" roles="manager-gui"/> ---- > > What most users do is to copy the XML example, and paste it into > tomcat-users.xml. If that were the case, I would have expected to see "tomcat:s2cret" listed in the worm's "obvious creds" list. Since it's not there, I suppose that either it's not used very often in the wild or the authors are not very smart. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSk6t1AAoJEBzwKT+lPKRY/ukP/3Ji0L9U6N/cyPJZesP/tWYG 2ZVPTTGDgsBJIO7FnVCy/kYAiNu91ioMVvaKJE2pVKvn/umv0iRT0IMK7QbIB8BN hh1D6DqfDnsswJwWlZRT28E1bod1BH7ic/g8PUK8u4B/aePd0esnZRTZs9GxZ98g CY4Ut+o6Kq/SbcKusSIukOgUKKx0Z19VVcIn9yDlF2sm/wcUz44zq7vE0JLMTmI4 mED0oF8cfh8W/VwU8RB86Ce9ERwiMAsPGgMaOpkN+hnbYyAjTyeh64DnL6X4jzgf /UJeX4OU6EQD5n/RDvG72d/8jreqVwnv4rpITaFRdqrFlQ1RrLzoWuZOIHS//2uH ZaHyhZJGvPUJcNfNW2q8+NAmmT03JsPoOMG8ecd8FXF8N6yXCxmcgnehbQ3velPT LZqaqlykzcgHz3uqYsbhXHZ0maIhaX0AOrgP7NpBeyNCT6BqLwk9qxbo99+hHJSq FjjfxZQ0q/Xu52485u8PygyK0WS6Ci6YnLzA7TK1pPyCsQhy4tbRvNytGep0KuJ5 pZE5hzobMPaGJqDjnFrb29IYlSo6dHz+Y+V3XFMSL6DWm/R5dkwvCKOKHlm+I+OY 0+d4KQ3ejfTuHnBpw9ZSxvsVAyGmWJVAS37O0/N1wDgqYiVnG5dsVp+Av5ypqXdW UX96gGqjv6tFvGjqi3Fw =Xs7A -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org