Sorry I don't, but here are some general guidelines (almost tomcat agnostic): 1) Turn off all services you don't need (EG: Using AJP? Then turn off HttpConnector) 2) Get rid of all examples and default installed webapps 3) Question every entry in your config files - don't know what an entry does? Find out - you may not need an entry or you may have it misconfigured. 4) Don't run as root 5) Turn off directory indexing (force a 404 if welcome file not present)
Google would probably provide better info than above. [EMAIL PROTECTED] wrote: > Tim Funk wrote: > >>In reality - use best practices to secure your installation. > > > Any "best practices" link for Tomcat security? > > das > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
