I thing you can use the Java Security Manager and OS level file
permisssion for this
or wrote your own DataSource JNDI Factory.
Peter
Brett Parsons schrieb:
Hi All,
There is a requirement on the server that we have Tomcat 5.0.28
deployed that no username/password information can be stored
A couple of observations:
- If someone can read the context descriptor they pretty much own
Tomcat and probably the server as well. If this person is unauthorised,
you have big problems regardless of whether or not they have read-only
access to the database.
- If the password is encrypted,
On Mon, Oct 18, 2004 at 11:47:19AM +, kax wrote:
: Are there any good documentation on how to secure Tomcat 5 for production use?
I'd bet there's a lot of good advice in the archives, as this topic
appears every so often. ;) Google's also a good starting point.
High-level concepts to
: Securing tomcat
On Mon, Oct 18, 2004 at 11:47:19AM +, kax wrote:
: Are there any good documentation on how to secure Tomcat 5 for production use?
I'd bet there's a lot of good advice in the archives, as this topic
appears every so often. ;) Google's also a good starting point.
High
Hi,
1. From what I have read it is not possible to lookup the objects bound
in
the jndi in Tomcat from another JVM. Is this correct?
Yeah.
2. Can I use the same name for a datasource in two different web
applications deployed on the same instance of Tomcat? I'm using a
separate
context file
Just put this in your web.xml for root webapp or others...
error-page
error-code404/error-code
location/404error.html/location
/error-page
and create 404error.html to say whatever you like.
Ken
Jason Pyeron wrote:
has any one put together a faq/howto on securing tomcat?
-Original Message-
From: Ken Anderson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 31, 2002 5:07 PM
To: Tomcat Users List
Subject: Re: securing tomcat...
Just put this in your web.xml for root webapp or others...
error-page
error-code404/error-code
Jason,
If by securing you mean hardening, well then no. But we have posted a
white paper on Tomcat security according to the servlet specification:
http://www.cafesoft.com/products/cams/tomcat-security.html
Gary
Jason Pyeron wrote:
has any one put together a faq/howto on securing tomcat?
Ahoy there!
This is an automated response, to let you know
that we have received your query and will answer
your email as soon as possible.
We know you'd like to get back to playing our
state-of-the-art online games. We'd therefore like
to assure you that we are determined to keep our
service at