Jason,

If by securing you mean hardening, well then no. But we have posted a white paper on Tomcat security according to the servlet specification:

http://www.cafesoft.com/products/cams/tomcat-security.html

Gary

Jason Pyeron wrote:

Has anyone put together a FAQ/HOWTO on securing Tomcat?

Our first goal is to prevent determination of the server version by a web client.

An example of this: for the URL http://127.1:8080/xxdfsdf this is returned. Note the Server: Apache Coyote/1.0 and Apache Tomcat/4.1.12.

HTTP/1.1 404 /xxdfsdf
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Transfer-Encoding: chunked
Date: Tue, 31 Dec 2002 20:46:09 GMT
Server: Apache Coyote/1.0

<html><head><title>Apache Tomcat/4.1.12 - Error report</title><STYLE><!--H1{font-family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} H3{font-family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} BODY{font-family : sans-serif,Arial,Tahoma;color : black;background-color : white;} B{color : white;background-color : #0086b2;} HR{color : #0086b2;} --></STYLE> </head><body><h1>HTTP Status 404 - /xxdfsdf</h1><HR size="1" noshade><p><b>type</b> Status report</p><p><b>message</b> <u>/xxdfsdf</u></p><p><b>description</b> <u>The requested resource (/xxdfsdf) is not available.</u></p><HR size="1" noshade><h3>Apache Tomcat/4.1.12</h3></body></html>


--

Gary Gwin
http://www.cafesoft.com

*****************************************************************
*                                                               *
*   The Cafesoft Access Management System, Cams, is security    *
*   software that provides single sign-on authentication and    *
*   centralized access control for Apache, Tomcat, and custom   *
*   resources.                                                  *
*                                                               *
*****************************************************************
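
A check a defender can run after hardening, to confirm that neither the Server header nor the error page still names a product version as in the response quoted above. This is an added example, not part of the original e-mail: the function names and the CLEAN response are constructed for illustration, and LEAKY is abridged from the quoted 404 response.

```python
import re

# Product/version tokens such as "Apache Tomcat/4.1.12" or "Apache Coyote/1.0".
BANNER = re.compile(r"\b([A-Z][A-Za-z]+(?: [A-Z][A-Za-z]+)*)/(\d+(?:\.\d+)+)")
# Response headers that commonly carry software identification.
ID_HEADERS = {"server", "x-powered-by"}

def split_response(raw):
    """Split a raw HTTP response into (status_line, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def find_disclosures(raw):
    """Return sorted (location, product, version) tuples found in a response.

    The status line is skipped on purpose: "HTTP/1.1" is the protocol
    version, not a server banner.
    """
    _status, headers, body = split_response(raw)
    found = set()
    for name in ID_HEADERS & headers.keys():
        for product, version in BANNER.findall(headers[name]):
            found.add(("header:" + name, product, version))
    for product, version in BANNER.findall(body):  # e.g. default error page
        found.add(("body", product, version))
    return sorted(found)

# Abridged from the 404 response quoted in the e-mail above.
LEAKY = ("HTTP/1.1 404 /xxdfsdf\r\n"
         "Content-Type: text/html;charset=ISO-8859-1\r\n"
         "Server: Apache Coyote/1.0\r\n\r\n"
         "<html><head><title>Apache Tomcat/4.1.12 - Error report</title></head>"
         "<body><h1>HTTP Status 404 - /xxdfsdf</h1>"
         "<h3>Apache Tomcat/4.1.12</h3></body></html>")
# Constructed: what the same request should look like once the banner is gone.
CLEAN = ("HTTP/1.1 404 Not Found\r\n"
         "Content-Type: text/html;charset=ISO-8859-1\r\n\r\n"
         "<html><body><h1>Not Found</h1></body></html>")

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("clean", CLEAN)):
        print(label, find_disclosures(raw) or "no version disclosed")
```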


