Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "FAQ/Security" page has been changed by KonstantinKolinko. The comment on this change is: Updated links, added mention of RemoteIPValve. http://wiki.apache.org/tomcat/FAQ/Security?action=diff&rev1=5&rev2=6 -------------------------------------------------- <<Anchor(Q5)>>'''What is the default login for the manager and admin app?''' - The admin and manager application do not provide a default login. Doing so is a security flaw. You need to edit $CATALINA_HOME/conf/tomcat-users.xml if you are using the default install. [[http://tomcat.apache.org/tomcat-4.1-doc/manager-howto.html#Configuring%20Manager%20Application%20Access|Configuring Manager Application Access]] + The admin and manager application do not provide a default login. Doing so is a security flaw. You need to edit $CATALINA_HOME/conf/tomcat-users.xml if you are using the default install. [[http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html#Configuring%20Manager%20Application%20Access|Configuring Manager Application Access]] <<Anchor(Q6)>>'''How do I restrict access by ip address or remote host?''' - By using the {{{RemoteHostValve}}} or {{{RemoteAddrValve}}}. Warning, these valves rely on accurate incoming ip addresses or hostnames. So they can fall victim to spoofing! [[http://tomcat.apache.org/tomcat-4.1-doc/config/valve.html|Valve Reference Link]] + By using the {{{RemoteHostValve}}} or {{{RemoteAddrValve}}}. Warning, these valves rely on accurate incoming ip addresses or hostnames. So they can fall victim to spoofing! See also {{{RemoteIpValve}}}. [[http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html|Valve Reference Link]] <<Anchor(Q7)>>'''How do I use jsvc/procrun to run Tomcat on port 80 securely?''' @@ -61, +61 @@ <<Anchor(Q9)>>'''How do I change the Server header in the response?''' - In server.xml - add a "server" attribute to the Connector element. http://tomcat.apache.org/tomcat-6.0-doc/config/http.html + In `server.xml` - add a "server" attribute to the Connector element. http://tomcat.apache.org/tomcat-6.0-doc/config/http.html --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
