Hi, Ok, I'll try to find the stuff I want to do on google. But I have some other questions that is somehow related to the security issue.
1. From what I have read it is not possible to lookup the objects bound in the jndi in Tomcat from another JVM. Is this correct? 2. Can I use the same name for a datasource in two different web applications deployed on the same instance of Tomcat? I'm using a separate context file for each application. Thanks in advance /Kax > > From: QM <[EMAIL PROTECTED]> > Date: 2004/10/18 må PM 12:55:46 GMT > To: Tomcat Users List <[EMAIL PROTECTED]> > Ämne: Re: Securing tomcat > > On Mon, Oct 18, 2004 at 11:47:19AM +0000, kax wrote: > : Are there any good documentation on how to secure Tomcat 5 for production use? > > I'd bet there's a lot of good advice in the archives, as this topic > appears every so often. ;) Google's also a good starting point. > > High-level concepts to consider: > 1/ Tomcat is just the container that runs your webapp; so ask yourself, > "how secure is my webapp against attacks and (intentionally) improper > use?" Several texts and websites cover this topic at length. > > 2/ Securing Tomcat is of limited value if there are holes elsewhere. > Imagine a request, moving from the end-user's browser, through Tomcat > (and perhaps a database) and then back to the user. What potential > vulnerabilities exist? > > -QM > > -- > > software -- http://www.brandxdev.net > tech news -- http://www.RoarNetworX.com > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]