Subsonic security issue

Subsonic security issue

Postby doktourtv » Wed Nov 14, 2012 5:52 pm

I have installed the evaluation version of Subsonic and I am very impressed with the work that went into its design! We are eager to "donate" and register the program, but there is a grave issue that must be addressed:

Subsonic currently uses version 6 of the Jetty server. This version has well known and very dangerous security problems which have been corrected in version 9 (and I believe in version 8 as well).

Sadly, since our computer is a business computer, it must meet PCI compliance. The use of Jetty 6 is an automatic failure (which demonstrates how insecure version 6 really is), so without the upgrade in Jetty, Subsonic is rendered useless to us. Jetty 6 or below is prohibited due to the security holes.

Would someone explain how to upgrade the Jetty server in version 4.7 of Subsonic running on the Windows 7 64-bit platform? Or is an upgraded version currently in the works?

Please advise
Thank you
doktourtv
 
Posts: 4
Joined: Fri Nov 09, 2012 1:26 pm

Re: Subsonic security issue

Postby bushman4 » Wed Nov 14, 2012 6:14 pm

Run it in Tomcat using the WAR version.

As of right now, Tomcat 6 is still required for the stock version. There are mod versions that allow the use of Tomcat 7 as the servlet container.

HTH,

Glenn
Glenn Sullivan
Subsonic 6.1.6 (Unraid Docker)
90 regular Subsonic Users

Library as of 2024-10-28:
4,527 artists
19,996 albums
282,151 songs
10201.40 GB
41,583 hours
bushman4
 
Posts: 875
Joined: Thu Dec 02, 2010 1:47 pm
Location: Massachusetts, USA

Re: Subsonic security issue

Postby hakko » Wed Nov 14, 2012 6:44 pm

I'm maintaining a Subsonic mod called MusicCabinet. It's purely built for streaming music; I can't tell from your post if that's a plus or a no-no.

However, it runs on Jetty 8; security is upgraded from the default Acegi to the newer Spring Security, with user passwords stored as salted hash sums (default Subsonic behavior is to store them in clear text). It also runs on Tomcat 7. Link: viewtopic.php?f=11&t=10587
MusicCabinet developer
hakko
 
Posts: 1416
Joined: Tue Apr 17, 2012 7:05 pm
Location: Sweden

Re: Subsonic security issue

Postby doktourtv » Thu Nov 15, 2012 5:45 pm

bushman4 wrote: Run it in Tomcat using the WAR version.

As of right now, Tomcat 6 is still required for the stock version. There are mod versions that allow the use of Tomcat 7 as the servlet container.

HTH,

Glenn


I do not understand. How would I implement Tomcat 7 on Windows 7? How would that replace Jetty 6?
doktourtv
 
Posts: 4
Joined: Fri Nov 09, 2012 1:26 pm

Re: Subsonic security issue

Postby doktourtv » Thu Nov 15, 2012 5:46 pm

hakko wrote: I'm maintaining a Subsonic mod called MusicCabinet. It's purely built for streaming music; I can't tell from your post if that's a plus or a no-no.

However, it runs on Jetty 8; security is upgraded from the default Acegi to the newer Spring Security, with user passwords stored as salted hash sums (default Subsonic behavior is to store them in clear text). It also runs on Tomcat 7. Link: viewtopic.php?f=11&t=10587


Thank you for your reply; however, unfortunately it is the VIDEO streaming that we are seeking.
Any ideas on upgrading Jetty 6 to 9 in version 4.7?
doktourtv
 
Posts: 4
Joined: Fri Nov 09, 2012 1:26 pm

Re: Subsonic security issue

Postby bushman4 » Thu Nov 15, 2012 6:24 pm

doktourtv wrote: I do not understand. How would I implement Tomcat 7 on Windows 7? How would that replace Jetty 6?


  • Install Tomcat 6 for Windows from the official installation source here:
    http://apache.cs.utah.edu/tomcat/tomcat ... ws-x86.zip
  • Set up Tomcat on the ports that you want Subsonic to run on.
  • Stop the Subsonic service.
  • Start the Tomcat service and verify that it is operating by accessing the Tomcat home page at
    http://localhost:<YourHTTPPort>

  • Download the WAR version of Subsonic and drop it in the webapp folder of your Tomcat install folder.
  • Restart the Tomcat service.

Subsonic will be accessible via
http://localhost:<YourHTTPPort>/subsonic
and will be using Tomcat, an enterprise-class Java Servlet container, instead of Jetty, a slightly less robust and scalable servlet server.

HTH,

Glenn
bushman4
 
Posts: 875
Joined: Thu Dec 02, 2010 1:47 pm
Location: Massachusetts, USA

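A post-migration check, added here as an example and not part of the thread: it classifies the HTTP `Server` banner a Subsonic URL returns, so that after following the steps above you can confirm the /subsonic path is answered by Tomcat rather than by the bundled Jetty 6. The banner formats and the "Jetty 8 or newer" threshold are assumptions taken from common defaults and from this thread, not from Subsonic's or Tomcat's documentation.

```python
import re
from urllib.request import Request, urlopen

# Banner formats (assumed from common defaults): the Jetty 6 bundled with
# Subsonic answers with "Jetty(6.1.x)", while Tomcat 6/7 identify only their
# HTTP connector, "Apache-Coyote/1.1", and do not reveal the Tomcat version.
SERVER_RE = re.compile(r"(?P<name>[A-Za-z-]+)[(/](?P<ver>\d+(?:\.\d+)*)")
MIN_JETTY_MAJOR = 8  # per the thread: Jetty 6 fails the scan, 8 and 9 were fixed


def parse_server_header(value):
    """Split a Server header into (product name, version tuple)."""
    if not value:
        return (None, ())
    match = SERVER_RE.match(value.strip())
    if not match:
        return (value.strip(), ())
    version = tuple(int(part) for part in match.group("ver").split("."))
    return (match.group("name"), version)


def assess(server_value):
    """Give a scan-style verdict for the Jetty 6 finding from one banner."""
    name, version = parse_server_header(server_value)
    product = (name or "").lower()
    if product == "jetty" and version:
        shown = ".".join(str(p) for p in version)
        if version[0] < MIN_JETTY_MAJOR:
            return "FAIL: Jetty %s is still serving the app" % shown
        return "PASS: Jetty %s" % shown
    if product == "apache-coyote":
        return "PASS: served by Tomcat (Apache-Coyote connector)"
    # No or unfamiliar banner: proof of neither the old Jetty nor Tomcat.
    return "UNKNOWN: Server header %r, inspect the container manually" % server_value


def fetch_server_header(url, timeout=5):
    """HEAD request against a live instance; returns its Server header."""
    with urlopen(Request(url, method="HEAD"), timeout=timeout) as response:
        return response.headers.get("Server")


if __name__ == "__main__":
    # Constructed sample banners, like what http://localhost:4040/ (stock
    # Subsonic) and http://localhost:8080/subsonic (WAR in Tomcat) might send.
    for banner in ("Jetty(6.1.26)", "Jetty(8.1.7.v20120910)", "Apache-Coyote/1.1", None):
        print(repr(banner), "->", assess(banner))
```

A missing banner is not proof either way (Tomcat can be configured to suppress it), so also confirm the old Subsonic service is stopped and no longer listening on its original port.
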
Re: Subsonic security issue

Postby doktourtv » Mon Dec 17, 2012 3:45 am

An excellent and easily understood solution.

Thank you
doktourtv
 
Posts: 4
Joined: Fri Nov 09, 2012 1:26 pm
