Hi there, We need some advice about security conf with tomcat. We used apache+tomcat and apache took care of ip checking and so. Now we are planning to use tomcat alone (most of our pages are jsp) but we have some doubts about security conf. We have configured JBDC realm and works fine, but need some subnet/ip checking too. We would like to know what could be done to enforce security conf in a production site with tomcat (unix env) For example, - Has anybody used ip-chains with tomcat? - Is there some way to restrict access to tomcat from a subnet like tcp-wrapper does with telnet? - Is form-based security reliable enough to use alone without other checking? Briefly, any general or concise guidelines to enforce security with tomcat will be welcome. Thanks in advance ------------------------------------------------------------ --== Sent via Deja.com ==-- http://www.deja.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
