> From: Theresa Whitney [mailto:theresa.whit...@nisd.net] > Subject: changing tomcat default password
> I am trying to address a security vulnerability notification for several > servers. We have tomcat6 installed. Right there is your biggest security problem - Tomcat 6 has reached end of life and may not receive any more fixes. To quote from the "Which version?" page: "Users of Tomcat 6 should be aware that Tomcat 6 has now reached end of life. Users of Tomcat 6.x should upgrade to Tomcat 7.x or later." http://tomcat.apache.org/whichversion.html > The notification indicates that I need to change the default passwords > in the admin-users.xml file. No such file is distributed with a standard Tomcat; are you sure you have the right file name? In which directory is it located? > Can I just change the password in the xml file? Difficult to say, since it's not part of an official Tomcat. > Sorry for my ignorance ... I am a total newbie. As we all were at some point. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -----Original Message----- -- Theresa Whitney Systems Administrator - Server Support Northside ISD ph: (210) 397-7727 email: theresa.whit...@nisd.net --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org