I am trying to address a security vulnerability notification for several servers. We have tomcat6 installed. The notification indicates that I need to change the default passwords in the admin-users.xml file. When I view the file it looks like everything is commented out. And there are several places where a password is set. I have also confirmed that the tomcat service is running and the only dependencies are for winsock and tcpip drivers.
I am not familiar with tomcat or making any changes to any configurations. Can I just change the password in the xml file? Do I need to stop and restart services and if so, just the tomcat service? What is affected by stopping and restarting services? Sorry for my ignorance ... I am a total newbie. -- Theresa Whitney Systems Administrator - Server Support Northside ISD ph: (210) 397-7727 email: theresa.whit...@nisd.net
