I've been working on an article about securing tomcat for the Open
Web Application Security Project (OWASP). The article details some
quick and easy ways to improve the 'out of the box' security of
tomcat from the perspective of a sysadmin. It's written with tomcat
5.5 in mind, but almost everything will apply to 6.0 when it is
released. A lot of it will also apply to older versions of tomcat,
but no specific testing has been done to establish this.
Have a read of the article at
https://www.owasp.org/index.php/Securing_tomcat
and reply to the list with any comments - good or bad!
Thanks,
Darren