We are currently using the steps published by OWASP too, in terms of tomcat configuration (there are application related security issues that are not covered by the article). Is there something else we should be aware of, that is not described?
>> I have no personal experience with this but it might be a useful resource: >> http://www.owasp.org/index.php/Securing_tomcat --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]