
[03:28:45 EDT(-0400)] * EiNZTEiN (n=einztein@ has joined ##uportal
[08:46:14 EDT(-0400)] * athena7 ( has joined ##uportal
[09:00:33 EDT(-0400)] * michelled (n=team@ has joined ##uportal
[09:34:17 EDT(-0400)] * EricDalquist ( has joined ##uportal
[10:38:02 EDT(-0400)] * colinclark (n=colin@ has joined ##uportal
[11:09:07 EDT(-0400)] <EricDalquist> so an fyi ... Tomcat recycles the underlying request/response objects and buffers
[11:23:52 EDT(-0400)] <athena7> it causing problems?
[11:24:14 EDT(-0400)] <EricDalquist> well we've seen User A get a response that was intended for User B
[11:24:49 EDT(-0400)] <EricDalquist> my suspicion now is there is insufficient protection around the real req/res when doing channel/portlet rendering
[11:24:56 EDT(-0400)] <EricDalquist> and what happens is a portlet times out
[11:25:02 EDT(-0400)] <EricDalquist> but still has a ref to the response
[11:25:21 EDT(-0400)] <EricDalquist> so when it writes out its data the response is being used to service another user
[11:26:12 EDT(-0400)] <athena7> oh, that's really not good.
[11:26:22 EDT(-0400)] <EricDalquist> no it isn't
[11:26:30 EDT(-0400)] <EricDalquist> digging into it a bit more
[11:26:31 EDT(-0400)] <athena7> sounds like a potential security problem
[11:26:35 EDT(-0400)] <athena7> is this a tomcat issue?
[11:26:48 EDT(-0400)] <EricDalquist> it is an interaction problem
[11:27:01 EDT(-0400)] <EricDalquist> it won't give anyone extra access
[11:27:16 EDT(-0400)] <EricDalquist> and it isn't triggerable by an end user
[11:43:12 EDT(-0400)] * holdorph ( has joined ##uportal
[11:46:23 EDT(-0400)] * anastasiac (n=team@ has joined ##uportal
[11:55:43 EDT(-0400)] * apetro_mac ( has joined ##uportal
[12:35:20 EDT(-0400)] <athena7> i seem to have somehow created something JPA-related that conflicts with the portal's JPA persistence
[12:35:46 EDT(-0400)] <EricDalquist> in the same webapp or a different webapp?
[12:35:46 EDT(-0400)] <athena7> shouldn't that be pretty hard to do in a separate web context?
[12:35:51 EDT(-0400)] <EricDalquist> yeah
[12:35:51 EDT(-0400)] <athena7> different webapp
[12:35:54 EDT(-0400)] <athena7> portlet running in the portal
[12:36:08 EDT(-0400)] <EricDalquist> as long as you don't have anything jpa/spring related in shared/lib or common/lib
[12:36:26 EDT(-0400)] <EricDalquist> although ...
[12:36:31 EDT(-0400)] <EricDalquist> hrm
[12:36:43 EDT(-0400)] <EricDalquist> so a lot of the jpa stuff is thread bound
[12:36:46 EDT(-0400)] <athena7> i think the database jar is in there, but that's it
[12:36:50 EDT(-0400)] <EricDalquist> I wonder if there are conflicts with threadlocals
[12:37:08 EDT(-0400)] <athena7> hm, might be
[12:37:22 EDT(-0400)] <athena7> i think one of the errors i ran into before might have had some concurrency stuff in the trace
[12:37:31 EDT(-0400)] <athena7> but it wasn't the more relevant-seeming part and i don't have that log now
[12:39:21 EDT(-0400)] <athena7>
[12:39:25 EDT(-0400)] <athena7> that's the current one
[12:48:32 EDT(-0400)] <EricDalquist> heh
[12:48:42 EDT(-0400)] <EricDalquist> I think I figured out the request swapping bug
[12:48:48 EDT(-0400)] <EricDalquist> we had mod_jk misconfigured
[12:49:02 EDT(-0400)] <EricDalquist> specifically there is the line in the docs "Do not use cachesize with values higher then 1 on Apache 2.x prefork or Apache 1.3.x!"
[12:49:06 EDT(-0400)] <EricDalquist> and we had it set to 10
[12:49:55 EDT(-0400)] <athena7> ohh
[12:50:04 EDT(-0400)] <athena7> well at least that's fixable!
[12:50:10 EDT(-0400)] <EricDalquist> and easily fixable
[12:52:40 EDT(-0400)] <athena7> yes (smile)
[13:16:48 EDT(-0400)] * dstn (n=dstn@unaffiliated/dstn) has joined ##uportal
[14:16:17 EDT(-0400)] * dstn (n=dstn@unaffiliated/dstn) has left ##uportal
[14:33:02 EDT(-0400)] * holdorph ( has joined ##uportal
[15:20:54 EDT(-0400)] * colinclark (n=colin@ has joined ##uportal
[16:23:08 EDT(-0400)] * michelled (n=team@ has left ##uportal
[16:46:04 EDT(-0400)] * athena7_ (n=athena7@ has joined ##uportal
