Win a copy of Rust Web Development this week in the Other Languages forum!

Thomas Griffith

Ranch Hand
+ Follow
since Sep 30, 2020
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
6
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Thomas Griffith

ok, after trying all the approaches here, I had the jre only. I changed path to JDK and it seems to see it now. Thank you so much.
3 days ago
Hello. I receive that when running jar -cvf blah.war *.* from command line.

I've been doing this for years but have new laptop. JDK 8.

Ran java -version and get the priper java version stuff back (so I don't think it's the PATH environent variable)

Ran java -jar and receive stuff back, all the parameter options, etc. Although the first line is Error -jar requires jar file specification.

Does anybody have any ideas? I don't see a jar.exe but I think that would be for old java versions anyway. Thank you very much.
3 days ago
Thanks, Tim. I downloaded ojdbc8 and tested and it looks ok in oracle 12 (before they move to oracle 19). I was checking Oracle 21 release and it appears ojdbc8 is good with that one as well. What's weird is that ojdbc10 is listed for oracle 19 and ojdbc11 for oracle 21, but ojdbc8 is also listed for both. Is ojdbc8 a "long-term support" driver or something? thank you again.
Hello. Will ojdbc6 driver still work with Oracle 19? I've read different things...like existing code will work, you just can't use newer stuff. Thank you.
2 weeks ago
To run Tomcat and Apache Server, it is separate installs and has to be configured?
1 month ago
From what I've read, Tomcat and Apache Server are twp distinct things, right? Initially, I feared Tomcat was running it's http service on Apache Server but that doesn't appear to be the case.
1 month ago
Hello. It appears security team identified one of my servers as bieng at risk, although I don't run log4j in Tomcat nor the apps. I have three identical instances and strange it picked this one up. They passed along the updating to Apache 2.4.49 or later message. What does that mean exactly as I installed and running Tomcat 9 (it's own HTTP, right?). I suspect the security scan is picking up the presence of log4j jar in the Tomcat lib or something else weird. Thank you.
1 month ago

Tim Holloway wrote:Each and every webapp, however, is responsible for its own logging. And each and every webapp can use any logger or loggers that it likes. So each and every webapp will have to be individually checked for that vulnerability.



Tim, thank you. I checked each webapp lib and context files. I found log classes source code but don't see anything there. commons-logging-api.jar is in the lib. Is that an issue. I viewed inside that jar and don't see any log4j. Where else would I check?
1 month ago

Tim Moores wrote:Something like

grep -lri log4j TOMCAT_DIR/webapps

might be a good start. There will be false positives (like commons logging, logback and slf4j, which Stephan mentioned), but it's a start to find log4j config files and libraries, and which other code and libraries use them.

If your Tomcat uses other (or more) directories for web app, repeat as necessary.



Thank you. Is that Linux? I'm in Windows but I'll goggle.
1 month ago
Thanks. Yeah, I set the system PATH. Without logging out of the OS, javac/java ran right away, confirmed with "java -version". I then typed "java -jar commons-logging.api.jar" (as opposed to jar tf) and received "no main manifest attribute, in commons-logging-api.jar".  I'll try to log out.

I copied the commons-logging-api.jar as a zip and opened in file explorer. I see a manifest file in there and I don't see any log4j stuff...
1 month ago
Thanks. Yeah, I was going to view and the contents of the jars via the command line before trying to go to the recursive code route. However, although PATH is set, when I try"jar tf commons-logging-api.jar", I get a "jar is not recognized as an internal or external command..." I have a new pc and it was good on my old one.
1 month ago
Ok. I see the tomcat-juli-jar present in bin and see the juli references in conf/logging.properties. So the jar is there as an option for configuration...

I don't see any log4j jars in the web apps libs. Would the only way to confirm the apps aren't using it is the source code  (import, etc)? The libs contain commons-logging-api.jar...
1 month ago
Hello. I was asked if my Tomcat instances use log4j. In googling, it looks as though this isn't a Tomcat (9( default. Is there a way to confirm these instances do/don't use it? Is the bootclasspath the lib directory? I looked there for any log4j jars and see none. i alse checked the localhost/Cataliba for any log4j files and don't see anything. Thank you very much.
1 month ago

Tim Holloway wrote:Download copies of the S3 libraries that you need and include them in the classpath when you run the Java application.



yeah, right now I'm just trying to "proof of concept" this. I guess my question is still where can I download the aws libraries? I can't find anywhere to get these in a compressed format. I've found a few jars here or there on mirror sites and look inside and they are aws maven classes.
2 months ago