tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Does Tomcat server printout System.out.print infor?
Date Tue, 14 May 2019 16:36:46 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Karen,

On 5/14/19 07:45, Karen Goh wrote:
> On Tue, 5/14/19, Christopher Schultz <chris@christopherschultz.net>
> wrote: On 5/11/19 22:39, Karen Goh wrote:
>> Currently, I am uploading a new .war file up to my hosting 
>> company.
>> 
>>> However, I am puzzled how things work and would like to check
>>> what is the norm out there. They are using httpd apache server
>>> and tomcat.>> Basically, I have subscribed a private Tomcat
>>> server so I get an instance of Tomcat server - 8.0.27.
> 
>> That version is no longer supported by the "vendor" (Apache). You
>>  should tell your hosting company that you want a supported
>> version if they are going to charge you for it :)
> 
> May I know what version should I go for ?

I would ask for 8.5.40 (or close) or 9.0.19 (or close). Those are the
two currently support versions undergoing active development. Tomcat
7.0.x is still supported, but not much work is being done there anymore.

>> What kind of access do you have for the server? If you have shell
>>  access, you can probably get the logs. Using System.out.println
>> is not a great idea as it's pretty inflexible. It's better to use
>> a "proper" logging system where you can specify the log file
>> name, etc.
> 
> I do have access to the Catalina log.

Good.

> The technical support guy just told me that they have put in the 
> logging jar for me in their Tomcat server!

That shouldn't be necessary. System.out.println usually goes to
catalina.out, so you should already be all set. It's possible to
redirect it on a per-context basis, but then it just goes into another
file, also in the logs/ directory. Do you have any other log files in
there alongside catalina.out?


>> If you are using container-managed authentication (which is what
>>  Tomcat Realms provide), then you have to trust the hosting 
>> provider. There is no way to prevent the hosting provider from 
>> seeing any secrets you have in that configuration.
> 
> I am now mulling if I should use JWT.  In this case, I can skip
> the Realm configuration in tomcat right ?

I have no experience with JWT. But if you don't trust your hosting
provider, how can you trust them not to intercept your traffic, look
at your databases, etc.? Your realm configuration is the least of your
worries.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlza7p0ACgkQHPApP6U8
pFjFuRAAuxbPAYClfZ24LuVwgWG4xlfAYww1ni7SPFr2wPXbUcQgB0ThPzYAegL6
3gA4Lzbx6u+ZTfVHdZr8AYCkudf0oBh9UoLU/7DHQTtgchsyUCVkIS3dNILlJlR0
4MG21YWcFNzzEIQ+N1jsupLZoojyd+vbzKdyNjCdPKzWbF3XVSfK8vhn+PEOGQPV
eECPXtLslZqyiFpUHNBZm/lnnXvlH/3qV0Mjqe4GWSVS33NGAdJQRIWvQjxKi3rY
TnBLspyb0PFUWZo4OwVTa8bkM7MLsMn6RhdrPWy1vIl34Jy8GkS+azO5MgYjVpCZ
VWb+tFHNP4hcnFii0JsX5q5Ugb+F8WhugjzTvbJiQ0Rq9xCO0NRVcF6GJxnoD9NI
8EkB/uHfwI0DJCDl33azl8CoomNQ0Btnf+yIMNi4MVux8H76dXjzUDne1gASmNgi
zuO/rDLSQ+0f4f1tflZV89KiwXvSMea3dNw9tRQ2vKQ0kdhp8fQ/oF7QHFURjFeM
+OEWKfIz+DEmCbI20TqENutTLFb6YeTpVDVkiB2uih1LoXMkccoZFOgKKYARJDev
x0qw3AX/PhHTPtBIaokJAQT1fWTcboD4FHHHLiQ8FpKTAjPHFzkOwoSUFEsiAXYM
M3mdX40l5TrPnBvYRHons8gvVlmfIgA0p+1sbD0ngOpDEd7iA4k=
=/ZG2
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message