Hi all, well I have, in my opinion, a very interesting question.
Last week we went in a production enviroment: we have apache + tomcat with an important web application xxx (http.conf has JkMount /xxx worker). Well, this morning I have discovered that somebody has tried to attack my server: in the Apache error log I have found calls as /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/....., and so on. My question is: is Tomcat secure? How can I do Tomcat secure? Is all my system secure? ( my machine is a solaris 8). Thanks Laura
