Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I have a web application with Tomcat 7.0.42. I have recently found on my server files I havent uploaded. these hacker files allow anybody to create files on my server.
I'd really like to figure out how they have got access to my server. In my web application I have a form to interact with users, but all fields are restricted with regular expression and I use prepared statements to deal with the database.
Moreover I uploaded a version of my web application which ONLY displayed information, I removed all forms and I didnt let any type of interaction with users. I also changed passwords. But files still appearing
I would like to discuss possibles vulnerabilities and solutions to them:
Remove write permissions on tomcat webapps folder once I have uploaded my war?
May my code be corrupted?
Any help would be so much appreciated, thanks in advance!
As Mark pointed out, the easiest way to get into a Tomcat server it's by accessing the Tomcat Manager with a week or default password.
Make sure it's not publicly available, you have a strong password and check your JSP code for web vulnerabilities.
Once you have been hacked, you could already be backdoored, either at code level or by some rootkit in your server. Check your web logs, what commands had been executed recently, and IMHO a "rm -rf /" to make sure everything is wiped out.
Ignacio.
Try reading the Tomcat security docs http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html
First check to see if the Manager application is present and if you have configured a user with a weak password for that app.
Looking at the access log is usually my next port of call.
As #Grimby rightly pointed out, Tomcat might not be the way they are getting in.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
Can anyone tell how to allow the cross site scripting in the jhipster so that the warning can be resolved?
A Parser-blocking cross site (i.e. different jsapi:22 eTLD+1) script,
https://www.google.com/uds/?file=elements&v=1&packages=transliteration,
is invoked via document.write. The network request for this script MAY
be blocked by the browser in this or a future page load due to poor
network connectivity. If blocked in this page load, it will be
confirmed in a subsequent console message. See
https://www.chromestatus.com/feature/5718547946799104 for more
details
as well as multiple occurences of the same message referencing different Google scripts.
The warning you're receiving is due to you including the Google Transliterate API in a manner which may result in poor user experience on devices with slow network connections.
Somewhere in the scripts for your site, you'll have a line which looks something like this:
document.write('<script src="https://www.google.com/uds/?file=elements&v=1&packages=transliteration"></script>');
There may be multiple scripts in one document.write or they may be split across several calls. This may not be the only thing in the call to document.write.
To remove this warning, you'll need to move all of your <script> tags outside of calls to document.write.
See this post for more details.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I'm wondering if its a normal thing and if its possible for Windows 10 to update despite the fact that there is no internet connection?
I am asking since I'm worried that the update may have erased a major portion of my code I was working on before I can save it and commit it to my repository.
Edited:
Blue update screen
What my screen look like currently:
if this PC is connected to a network with other Windows 10 PC and they are all running the Windows Update Delivery Optimization, you might get the updates without direct internet connection.
http://windows.microsoft.com/en-us/windows-10/windows-update-delivery-optimization-faq
No, that's not possible without internet connectivity - there is no magical resource where Windows updates could come from. If you haven't restarted your computer in ages then the update (the update you are experiencing is a regular windows update package, usually [that's the normal setting] downloaded automatically and without you noticing it) might have been downloaded in the past when there was connectivity and Windows now forced your computer to reboot and install the update - that's a important security feature of Windows, since inexperienced users might never reboot their computer and that way never get any security updates.
Normally, these forced reboots are announced (either a couple of minutes or 60 seconds, I'm not entirely sure) before, so you have time to save your work and finish what you are working on. I can only guess you were annoyed by "another popup" and just hit OK or some other means of disposing that notification.
In the future, you can do the following:
save to file/commit (and push) your work frequently (either save to file frequently - If the OS updates, restarts, etc... your personal files will not be affected or deleted or commit to a repository and eventually push the results to a remote like GitHub for example)
Reboot frequently (normally, you would turn your computer off at night), so you are not forced to reboot in the future. Your computer's performance will also benefit from this.
Use an IDE that automaticall saves, like IntelliJ IDEA - every time you stop typing it automatically saves the edited file to disk - you will never lose your work again.
Also, don't panick-post a not constructive question on Stack Overflow. Really, this question is objectively not constructive and you just wanted to make some air for your frustration, don't you? Chill, watch some YouTube or something while the update is installing, check whether anything is lost, and then ask a constructive question, if one results out of your situation.
This question already has answers here:
How do I "decompile" Java class files? [closed]
(19 answers)
Closed 8 years ago.
I would like to know if Java code is decompilable? Because I am doing an app for Android and i'm wondering if using the mysql connector is safe or not?
Talking about the java code into an android application.
Thanks for your answers.
Your question is a nice example of the XY problem. It seems that you intend to, actually, have an android app use a database. Decompilation is the least of your worries. A user can use a packet sniffer to also get your authentication details in some cases. A simple strings foo.apk search can come up with the DB authentication details. Someone could hit your DB server from outside irrespective of your app;
A more viable solution would be to set up a web server that can handle untrusted requests and forward them to the database after filtering them. Then, you no longer have the risk of people stealing your DB credentials from the APK or device, since they no longer live there.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I've been going through a very frustrating time trying to distribute my program and I could really use some help.
So it all started a long time ago when I decided to try and teach myself C++. I thought I'd learn by doing by trying to create a text adventure with basic code. I managed to create an executable file that worked and cheerfully submitted it to a website that sometimes hosted content similar to what I created.
My submission was rejected out of hand, as no one wanted to advertise or even open the contents of a link to a file download from an unknown source. I found some information online saying that by using the Java Programming Language, I could run an application from a webpage using something called an "applet" that other people could access.
So I learned a second programming language and some basic html and tried to put my application on a website... Except it turns out that applets are a dying technology that no one trusts and that while it is possible to run a program as an applet (or a java web start application) from a webpage, modern browsers will scream bloody murder at anyone who tries to do so because applets are considered horribly insecure.
This project has now been ongoing in some form or another for over a year at this point, and I am at my wits end. I really, really don't want to have to write my program over again in yet another language just so that I can show it to people without them flipping out and acting like I'm trying to infect them with a virus. Is there any way at all to have people use my Java program for free on the internet in a way that won't give people terrible security messages?
It's not a question of programming language. As long as your goal is to distribute your code (meaning that users have to download your code and run it on their computers) you will face the resistance. I, for one, would not run anything downloaded from internet until I research it and find reputable evidence of it being legit and harmless.
You may want to have it as a web application that runs on your server and gives users options to download results in some acceptable format. PDF is usually considered safe, though it's possible to embed maleware there.
Java EE gives many options for creation of such app, starting with JSP (Java Server Pages) and including more up-to-date ones (JSF and such).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I want to add server to Eclipse which is Apache Tomcat 7.0 for running my web application but every time it is giving Error 404. I have tried all the solutions given on stack overflows other posts I will tell you what procedure I have followed:
I have downloaded windows installer for Apache tomcat and installed it.
I Placed a JAVA_HOME environment variable whose path is to the installed JDK.
Then in Eclipse: Window -> Preferences -> Server -> Add, I have added that server by giving the path up-to Apache bin folder.
Then I checked the build path of my project.
Firstly, it's giving the error that port no. is already in use, so I changed the port no. Secondly, it is giving Apache tomcat is already started. So I stopped it manually and started from Eclipse.
The URL is proper, I have checked it. And I have also given the URL manually. I have also created index.jsp
Now when I am running that project it is giving Error 404 . Requested file not found.
Have you look at your "web.xml" file? Look if the page you use as a welcome file exists, is there a index.jsp or index.html in your WebContent folder? ensure all the resources you´re pointing to, exist. As well, I strongly recommend you to use tomcat as a jar and not install it as a service on Windows, it is better. Also check the console of tomcat, there should be some red lines pointing to the issue that could be happening this behavior. Best regards.
error 404 implies that the tomcat server is up and running. your problem is with whatever you are trying to 'serve'
Ensure that your app is deployed properly.
Check if there is any error in any of logs.
Check if you typed in the right URL
Page not found or error 404 tells that there's no page at address url you trying to enter the browser. You need to check that server has configured properly to serve your application.
just double click on -- 1>Tomcat v7.0 Server at localhost.server .....
..
then at --------------- 2> Server Location ......
..
select second option -- 3> Use Tomcat Installation ....
..
and start the server again ... :)