02:16.45 | *** join/#tomcat yellow (n=yellow@unaffiliated/yellow) |
03:02.48 | *** join/#tomcat yellow (n=yellow@unaffiliated/yellow) |
03:54.36 | *** join/#tomcat yellow (n=yellow@unaffiliated/yellow) |
04:34.46 | *** join/#tomcat yellow (n=yellow@unaffiliated/yellow) |
05:08.56 | *** join/#tomcat wsmoak_ (n=wsmoak@ip68-110-100-131.ph.ph.cox.net) |
05:22.33 | *** join/#tomcat wsmoak_ (n=wsmoak@ip68-110-100-131.ph.ph.cox.net) |
05:31.34 | *** join/#tomcat wsmoak_ (n=wsmoak@ip68-110-100-131.ph.ph.cox.net) [NETSPLIT VICTIM] |
05:31.34 | *** join/#tomcat kousuke (n=kikuchi@221x251x19x21.ap221.ftth.ucom.ne.jp) [NETSPLIT VICTIM] |
05:31.34 | *** join/#tomcat sunbug (n=sunbug@absolutlinux.no) [NETSPLIT VICTIM] |
05:31.34 | *** join/#tomcat coreyt (n=corey@pool-71-252-254-218.dllstx.fios.verizon.net) [NETSPLIT VICTIM] |
05:31.34 | *** join/#tomcat fallout (i=fallout@nemean.spikeman.net) [NETSPLIT VICTIM] |
06:06.07 | caverdude | is it bad if I startup tomcat as root? |
06:06.11 | caverdude | or install it as root? |
06:06.25 | caverdude | how can tomcat be exploited if I did? |
06:10.25 | jasonb | caverdude: In my opinion, it's fine. |
06:10.32 | caverdude | ok |
06:10.34 | caverdude | thanks |
06:10.47 | jasonb | caverdude: But, don't install it as root if you do not have the time to code your webapp such that it is secure. |
06:11.03 | caverdude | hrm |
06:11.04 | caverdude | ok |
06:11.16 | caverdude | well a book suggested making a tomcat user |
06:11.47 | jasonb | Also, if you do not believe you're experienced enough to know the main couple/few security things to watch out for as a webapp developer, then don't install it as root. |
06:11.59 | jasonb | In general, Tomcat itself is *very* secure. |
06:12.08 | jasonb | But, they didn't write your webapp. |
06:12.29 | caverdude | true |
06:12.43 | caverdude | thanks |
06:13.27 | jasonb | Generally, it's plenty secure to run it as root on port 80. |
06:13.49 | caverdude | ok thanks |
06:13.52 | caverdude | I feel better now :) |
06:14.11 | jasonb | I'm not aware of even a single case where a server running Tomcat that was running as root was hacked via HTTP. |
06:20.02 | *** join/#tomcat jasonb_ (i=noneoyer@adsl-66-124-73-250.dsl.sntc01.pacbell.net) |
06:21.30 | yassine | hey jasonb |
06:21.46 | jasonb | hey there yassine! |
06:21.53 | jasonb | How's it going? How's the baby? |
06:22.16 | yassine | growing and growing :) |
06:27.12 | jasonb | Outstanding. Mine as well. |
06:27.35 | jasonb | Is yours smiling yet? |
06:34.33 | yassine | jasonb, what's that? |
06:34.55 | jasonb | yassine: I assume you didn't see Chapter 6, Security in the first edition of our book? |
06:35.37 | jasonb | You can download that chapter as a PDF here: http://www.oreilly.com/catalog/tomcat/chapter/index.html |
06:36.19 | jasonb | In there, I explained about Cross Site Scripting (XSS), HTML injection, etc. And, I wrote a Tomcat Valve that filters bad user input to prevent it from happening. |
06:37.02 | jasonb | Since then, Filters have become more popular, so I also implemented a Filter that does the same thing as the Valve. |
06:37.40 | yassine | ahh i see |
06:38.21 | jasonb | I often thought it wouldn't be real tough to take a Valve and make it into a Filter, since they're similar.. as long as the Valve's functionality did not depend directly on any Tomcat-specific API. |
06:39.24 | jasonb | So, I set out to translate my BadInputValve into a Filter that does the exact same job. |
06:59.49 | *** join/#tomcat LongBeach (n=mike@AFontenayssB-152-1-39-34.w83-114.abo.wanadoo.fr) |
07:00.17 | *** join/#tomcat yellow (n=yellow@unaffiliated/yellow) |
07:21.34 | *** join/#tomcat Thorn (n=kvirc@unaffiliated/thorn) |
09:39.11 | *** join/#tomcat gregor_k (n=a@p54A1BC2C.dip0.t-ipconnect.de) |
09:42.14 | *** join/#tomcat yell0w (n=yellow@unaffiliated/yellow) |
10:54.22 | *** join/#tomcat yass|ne (n=yassine@xdsl-84-44-155-204.netcologne.de) |
11:04.09 | *** join/#tomcat l0ngbeach (n=mike@AFontenayssB-152-1-38-49.w83-114.abo.wanadoo.fr) |
12:23.13 | *** join/#tomcat yel (n=yassine@dsl.voicint.com) |
13:00.38 | *** join/#tomcat levon (n=levon@p54BC9A13.dip0.t-ipconnect.de) |
15:00.22 | *** join/#tomcat wsmoak (n=wsmoak@ip68-110-100-131.ph.ph.cox.net) |
15:13.45 | *** join/#tomcat jasonb_ (i=noneoyer@adsl-66-124-73-250.dsl.sntc01.pacbell.net) |
16:35.43 | *** join/#tomcat twilight\ (n=ask@89.10.28.162) |
16:46.41 | *** join/#tomcat seevash (n=jixjax@user-1121dm5.dsl.mindspring.com) |
17:41.23 | *** join/#tomcat LongBeach (n=mike@AFontenayssB-152-1-20-152.w83-114.abo.wanadoo.fr) |
17:43.28 | *** join/#tomcat yell0w (n=yellow@unaffiliated/yellow) |
18:20.21 | *** join/#tomcat gnome_ (n=gnome@pa144.kobylin.sdi.tpnet.pl) |
18:32.53 | gnome_ | Is anybody here? |
18:38.33 | gnome_ | ok i write on some forum :( |
18:38.43 | *** part/#tomcat gnome_ (n=gnome@pa144.kobylin.sdi.tpnet.pl) |
19:03.48 | *** join/#tomcat twilight\ (n=ask@89.10.28.162) |
19:27.45 | *** join/#tomcat ezratay (n=etaylor@p78-70.acedsl.com) |
19:57.55 | *** join/#tomcat esk-syntactic (n=paulo@eu83-213-160-232.clientes.euskaltel.es) |
21:04.50 | *** join/#tomcat mulder (n=mulder@auv30-1-82-246-95-13.fbx.proxad.net) |
21:04.59 | mulder | hello every one |
21:05.29 | mulder | I'm looking for somebody who can help me to send a mail with tomcat :-( |
21:21.40 | mulder | nobody there to help me ? |
21:39.50 | *** join/#tomcat saykoshey (i=GIR@60-142.surfsnel.dsl.internl.net) |
21:40.33 | saykoshey | Hi, I'm compiling tomcat from scratch and I'm having problems with it |
21:40.39 | saykoshey | it seems to bork on dbcp |
21:40.46 | saykoshey | I have jdk 1.6 |
21:40.57 | saykoshey | anybody willing to lend me a helping hand? |
21:41.56 | saykoshey | tomcat version 5.5 |
21:42.09 | saykoshey | slackware 11 |
21:54.46 | *** join/#tomcat jbalint (i=jbalint@unaffiliated/jbalint) |
22:11.35 | *** join/#tomcat yell0w (n=yellow@unaffiliated/yellow) |
22:20.28 | *** join/#tomcat fowlduck (n=nate@24-183-45-79.dhcp.mdsn.wi.charter.com) |
22:21.45 | fowlduck | i'm using tomcat 5.5.20, java 1.5.0_06-113, and osx 10.4 |
22:22.29 | fowlduck | i want to add application-level variables to be persistent throughout the application, would i add those in the web.xml file? |
22:40.56 | fowlduck | hmm, i think i'm looking for context-params |
22:42.14 | fowlduck | so no one is around, eh? booo! ;) |
22:52.19 | *** join/#tomcat wsmoak (n=wsmoak@ip68-110-100-131.ph.ph.cox.net) |
22:56.31 | *** join/#tomcat yass|ne (n=yassine@xdsl-84-44-154-121.netcologne.de) |
23:12.53 | *** join/#tomcat sunbug (n=sunbug@absolutlinux.no) |
23:16.31 | *** join/#tomcat sthulbourn (n=sthulbou@cpc1-leic12-0-0-cust405.lei3.cable.ntl.com) |
23:17.33 | sthulbourn | Hey. My tomcat version is: 5.5.17 OS: Linux |
23:17.58 | sthulbourn | Anyhow, I have a rather cryptic error, Incompatible magic value 1768779887 in class file example |
23:18.43 | sthulbourn | http://paste.secure.info/194 http://paste.secure.info/195 |
23:18.47 | sthulbourn | My JSP page and my bean |
23:41.46 | *** join/#tomcat fowlduck (n=nate@24-183-45-79.dhcp.mdsn.wi.charter.com) |
23:52.02 | *** part/#tomcat sthulbourn (n=sthulbou@cpc1-leic12-0-0-cust405.lei3.cable.ntl.com) |
23:59.02 | *** join/#tomcat fowlduck (n=nate@24-183-45-79.dhcp.mdsn.wi.charter.com) |