On Mon, Oct 18, 2004 at 11:47:19AM +0000, kax wrote: : Are there any good documentation on how to secure Tomcat 5 for production use?
I'd bet there's a lot of good advice in the archives, as this topic appears every so often. ;) Google's also a good starting point. High-level concepts to consider: 1/ Tomcat is just the container that runs your webapp; so ask yourself, "how secure is my webapp against attacks and (intentionally) improper use?" Several texts and websites cover this topic at length. 2/ Securing Tomcat is of limited value if there are holes elsewhere. Imagine a request, moving from the end-user's browser, through Tomcat (and perhaps a database) and then back to the user. What potential vulnerabilities exist? -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
