Thanks Filip. I will try to implement this & contribute it back to Tomcat
if that would be useful.
Azeez
On Thu, Nov 24, 2011 at 2:06 AM, Filip Hanik - Dev Lists wrote:
> Yes, that way you could encrypt your data packets and not worry about the
> wire protocol.
> the placement of the intercepto
Yes, that way you could encrypt your data packets and not worry about the wire
protocol.
the placement of the interceptor will be important, so that you don't encrypt
packets you don't need to (like ping and failure detection)
Filip
On 11/23/2011 10:53 AM, Afkham Azeez wrote:
On Wed, Nov 23,
On Wed, Nov 23, 2011 at 8:48 PM, Filip Hanik - Dev Lists wrote:
> On 10/6/2011 8:31 AM, Afkham Azeez wrote:
>
>> I had a look at the Tribes code. Can somebody please explain how
>> Channel.SEND_OPTIONS_SECURE works?
>>
> not yet implemented :(
>
What is the proper way of implementing this if I w
Afkham,
On 10/6/11 10:17 AM, Afkham Azeez wrote:
> Is there a way to do authentication in Tribes when new members try
> to join a cluster so that unauthorized nodes cannot join in? Also,
> when clustering messages are sent back & forth, how do we ensu
On 10/6/2011 8:31 AM, Afkham Azeez wrote:
I had a look at the Tribes code. Can somebody please explain how
Channel.SEND_OPTIONS_SECURE works?
not yet implemented :(
From the JavaDoc: SEND_OPTIONS_SECURE - Message is sent over an encrypted
channel
How is this encrypted channel setup? How do
Azeez,
On 10/6/2011 10:17 AM, Afkham Azeez wrote:
> Is there a way to do authentication in Tribes when new members try
> to join a cluster so that unauthorized nodes cannot join in? Also,
> when clustering messages are sent back & forth, how do we ens
Thanks Alexander. That would work for authentication. But how could we
achieve confidentiality when it comes to the clustering messages (state
replication etc)?
On Thu, Oct 6, 2011 at 7:52 PM, Alexander Diedler wrote:
> Hello,
> Please search for "secret" in
> http://tomcat.apache.org/connectors-
I had a look at the Tribes code. Can somebody please explain how
Channel.SEND_OPTIONS_SECURE works?
From the JavaDoc: SEND_OPTIONS_SECURE - Message is sent over an encrypted
channel
How is this encrypted channel setup? How do we define the keys/keystores
etc?
On Thu, Oct 6, 2011 at 7:47 PM, Af
André,
On 9/26/2011 11:30 AM, André Warnier wrote:
> Leo Donahue - PLANDEVX wrote:
>> In light of the recent announcement, is securing Tomcat Manager
>> with org.apache.catalina.valves.RemoteAddrValve enough if we are
>> using 127.0.0.1 or should I co
Leo Donahue - PLANDEVX wrote:
In light of the recent announcement, is securing Tomcat Manager with
org.apache.catalina.valves.RemoteAddrValve enough if we are using 127.0.0.1 or should I
consider changing the manager auth-method from BASIC to FORM and enable HTTPS as well?
Is running Tomcat a
On 09/07/2010 15:38, Johan Martinez wrote:
> Hi,
>
> I need to allow public internet access to my tomcat server / web
> application. Although it would be restricted to set of trusted IPs
> initially, later it may need to be open for public access. Is there any
> guide for securing tomcat setup or
On Thu, Jan 21, 2010 at 03:02:41PM +, Peter Crowther wrote:
> 2010/1/21 Mark H. Wood
>
> > Reverse engineering is not a technical problem; it is a legal
> > problem. You need a lawyer, not a program.
> >
> > Mmm, yes and no. Burglary is also a legal problem, but I have locks (on /
> around
Hi,
Thanks for the info I shall take a look at the new licensing link you have
sent.
Best Regards,
Kranti K K Parisa
On Fri, Jan 22, 2010 at 11:17 AM, Dmitry Leskov
wrote:
> To list owner: I am not sure if vendors are prohibited from posting
> comments to this list, if they are, let me know a
Dmitry Leskov wrote:
We have therefore created a special licensing program that has been working
very well for our smaller customers since mid-2008:
http://www.excelsior-usa.com/store/jetmb.html
To the OP : there, you see, a discount !
And you did not even have to ask.
;-)
Hi Leon,
Thanks for the notes, maybe parallel to our sales we may spend some time on
the points you mentioned to protect ourselves in the future.
Best Regards,
Kranti K K Parisa
On Thu, Jan 21, 2010 at 9:54 PM, Leon Rosenberg <
rosenberg.l...@googlemail.com> wrote:
> Hello Kranti,
>
> first
The GCC compiler for java allows you to compile java down to native code
(AOC - Ahead Of time Compiling). I have never tried it before but it's open
source and free to use.
That being said I'm not certain that compiling your class files down to
native code is going to solve your problem since jav
To list owner: I am not sure if vendors are prohibited from posting comments to
this list, if they are, let me know and I won't post next time.
Excelsior JET is not an IDE that every developer must have on his/her
workstation. It is more like a setup generator. Typically, a team of developers
w
On 21/01/2010 16:24, Leon Rosenberg wrote:
5. stop wasting your time and invest it into developing new features
and actually selling your product. If it's worth copying it will be
copied this way or other. So far no one has managed to protect its
software against copying, better concentrate on th
: Securing Tomcat Applications from Reverse Engineering
Peter Crowther wrote:
> 2010/1/21 Kranti(tm) K K Parisa
>
>>
>> How could we achieve this without the above tool? Because the pricing of
>> the
>> above tool is very costly.
>>
>> Well, you could always sp
Hello Kranti,
first of all I strongly believe in open source software and don't like
to obfuscate things. But well.
1. If you have internet connectivity on the target server you could
only deploy a skeleton of your application and load the
protect-worthy classes
directly from your servers with o
Hi Kranti - Honestly if the ideas in the product are that valuable anyone
who uses the product with a web browser, print screen, and paint can fully
mock up the application and send the mockups to development. Anything that
is deployed on a server that is out of your control, is exactly that. I
und
Well, there are so many comments on the cost of IP and other tools. When we
are a small team that started working on a web-based product with open source
tools, for sure we can't spend too much on the tools to protect the IP
rights, because once we deploy for a few clients, if it's a good product, what
if
2010/1/21 Mark H. Wood
> Reverse engineering is not a technical problem; it is a legal
> problem. You need a lawyer, not a program.
>
> Mmm, yes and no. Burglary is also a legal problem, but I have locks (on /
around the things I want to keep, of a cost and quality appropriate to my
expected lo
Hi Leon,
That's correct. We develop and deploy on client machines, but we want to
secure the code. Please suggest.
Best Regards,
Kranti K K Parisa
On Thu, Jan 21, 2010 at 4:45 PM, Leon Rosenberg <
rosenberg.l...@googlemail.com> wrote:
> Do you develop web applications and deliver them to the
Reverse engineering is not a technical problem; it is a legal
problem. You need a lawyer, not a program.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Friends don't let friends publish revisable-form documents.
Joseph Morgan wrote:
http://proguard.sourceforge.net/
-Original Message-
From: Kranti(tm) K K Parisa [mailto:kranti.par...@gmail.com]
Sent: Thursday, January 21, 2010 5:05 AM
To: Tomcat Users List
Subject: Securing Tomcat Applications from Reverse Engineering
Hi,
Can anyone throw so
http://proguard.sourceforge.net/
-Original Message-
From: Kranti(tm) K K Parisa [mailto:kranti.par...@gmail.com]
Sent: Thursday, January 21, 2010 5:05 AM
To: Tomcat Users List
Subject: Securing Tomcat Applications from Reverse Engineering
Hi,
Can anyone throw some light on this topic,
Peter Crowther wrote:
2010/1/21 Kranti™ K K Parisa
How could we achieve this without the above tool? Because the pricing of
the
above tool is very costly.
Well, you could always spend the developer-years to create your own version
of that tool... which would probably be *more* costly.
I'
Kranti™ K K Parisa wrote:
Hi,
Can anyone throw some light on this topic, seems it is possible to convert
the tomcat+tomcat web applications to native code to secure them and further
to run them on client machines easily.
Please check this.
http://www.excelsior-usa.com/jetinternals.html
How co
2010/1/21 Kranti™ K K Parisa
> Hi,
>
> Can anyone throw some light on this topic, seems it is possible to convert
> the tomcat+tomcat web applications to native code to secure them and
> further
> to run them on client machines easily.
>
> Please check this.
>
> http://www.excelsior-usa.com/jetin
Do you develop web applications and deliver them to the client, so
that they can install your applications on their machines without your
access to the machine?
Leon
2010/1/21 Kranti™ K K Parisa :
> Hi,
>
> Can anyone throw some light on this topic, seems it is possible to convert
> the tomcat+to
It works perfect now!:jumping:
Thanks Guys you deserve a :drunk:
Alex Mestiashvili wrote:
>
> losintikfos wrote:
>> I have done as said and restarted the server but it still won't work for me!
>> :-((.
>>
>>
>>
>
> and what do you have in logs/catalina.out ?
>
> -
losintikfos wrote:
I have done as said and restarted the server but it still won't work for me!
:-((.
and what do you have in logs/catalina.out ?
losintikfos wrote:
> Sorry Mark, did miss up something here! What did you mean by "Those characters
> needs to be escaped"?
>
> Are you saying I should do something like this: allow="127.\0.\0.\1 ?
Yes. But it should be allow="127\.0\.0\.1"
Mark
>
>
>
>
>
> markt-2 wrote:
>> [EMAIL PROTECTE
Sorry Mark, did miss up something here! What did you mean by "Those characters
needs to be escaped"?
Are you saying I should do something like this: allow="127.\0.\0.\1 ?
markt-2 wrote:
>
> [EMAIL PROTECTED] wrote:
>> Actually the context xml is present in
>> CATALINA_HOME\webapps\manager\M
Mark! I have tried this and it still won't work. Was wondering if RedHat has got
something to do with this configuration.
Bit confused :-(
markt-2 wrote:
>
> [EMAIL PROTECTED] wrote:
>> Actually the context xml is present in
>> CATALINA_HOME\webapps\manager\META-INF dir. You can edit it and add th
<[EMAIL PROTECTED]>
> To: Tomcat Users List
> Sent: Fri, 29 Aug 2008 3:29 pm
> Subject: Re: Securing Tomcat: HELP
>
> losintikfos wrote:
>
>> Hi Alex,
>>
>> I can't locate directory catalina
[EMAIL PROTECTED] wrote:
> Actually the context xml is present in
> CATALINA_HOME\webapps\manager\META-INF dir. You can edit it and add the valve
> and it should work:
>
>
> ?allow="127.0.0.1"/>
Those periods need to be escaped.
Mark
--
I have done as said and restarted the server but it still won't work for me!
:-((.
Alex Mestiashvili wrote:
>
> losintikfos wrote:
>> Hi Alex,
>>
>> I can't locate directory catalina in conf. I am using tomcat 6.0.18, is
>> it
>> something i should see?
>>
>>
>> B
>>
>>
>>
> Hi , just create t
Actually the context xml is present in CATALINA_HOME\webapps\manager\META-INF
dir. You can edit it and add the valve and it should work:
-Original Message-
From: Alex Mestiashvili <[EMAIL PROTECTED]>
To: Tomcat Users List
Sent: Fri, 29 Aug 2008 3:29 pm
Subject: Re: Se
losintikfos wrote:
Hi Alex,
I can't locate directory catalina in conf. I am using tomcat 6.0.18, is it
something i should see?
B
Hi, just create these dirs and put the manager.xml file there.
Later you can add other files for other applications.
I am not a Tomcat guru, but that soluti
Hi Alex,
I can't locate directory catalina in conf. I am using tomcat 6.0.18, is it
something i should see?
B
Alex Mestiashvili wrote:
>
> losintikfos wrote:
>> Thanks for your reply Mark! Unfortunately the url sent to me contains only
>> language reference which I am not familiar with. Do
losintikfos wrote:
Thanks for your reply Mark! Unfortunately the url sent to me contains only
language reference which I am not familiar with. Do you know the original
command and where to put it, to enforce the security?
I am using Tomcat 6
markt-2 wrote:
losintikfos wrote:
Hi Expe
Thanks for your reply Mark! Unfortunately the url sent to me contains only
language reference which I am not familiar with. Do you know the original
command and where to put it, to enforce the security?
I am using Tomcat 6
markt-2 wrote:
>
> losintikfos wrote:
>> Hi Experts,
>>
>>
>> I am t
losintikfos wrote:
> Hi Experts,
>
>
> I am trying to secure my tomcat manager web console from being seen from the
> internet. For example if I open the browser and type the internet address of
> the server, it displays the console wherever I am in the world and
> therefore want to hide it from
Date sent: Fri, 28 Mar 2008 16:07:26 -0400
From: "Hyatt, Gordon" <[EMAIL PROTECTED]>
Subject:Securing Tomcat on FC8
To: users@tomcat.apache.org
Send reply to: Tomcat Users List
> I've just finished reading the Tomcat Secu
Aside from packet-mangling the port numbers between the interface(s)
and Tomcat's sockets, there are two other ways to use "privileged"
ports but not run Tomcat with special privilege:
1. Run behind something like Apache HTTPD, which already does the
privilege separation for you. This is a h
I have no personal experience with this but it might be a useful resource:
http://www.owasp.org/index.php/Securing_tomcat
abhay srivastava wrote:
Hello Folks,
How do I secure Tomcat version 6 ? Can anyone point me to right documentation ?
I am in a process of hosting a website on T
Thanks Darren and Satya.
I will check these.
Regards
Suneet
On 1/19/07, Darren <[EMAIL PROTECTED]> wrote:
http://www.owasp.org/index.php/Securing_tomcat covers some areas
which may be of interest to you.
On 19 Jan 2007, at 14:04, Suneet Shah wrote:
> Hello,
>
> I am using Tomcat as a Revers
http://www.owasp.org/index.php/Securing_tomcat covers some areas
which may be of interest to you.
On 19 Jan 2007, at 14:04, Suneet Shah wrote:
Hello,
I am using Tomcat as a Reverse Proxy through a plugin that we have
built.
One of the questions that I am being asked is how do we make the
Tomcat docs and Bugzilla should help you.
Cheers,
Satya
- Original Message
From: Suneet Shah <[EMAIL PROTECTED]>
To: users@tomcat.apache.org
Sent: Friday, 19 January, 2007 9:04:06 AM
Subject: Securing Tomcat
Hello,
I am using Tomcat as a Reverse Proxy through a plugin that we have bu
On 10/01/2007, at 11:50 AM, Mikolaj Rydzewski wrote:
Leon Rosenberg wrote:
Sure, I could write my own filters and pass the static content
through
them first, but that'd slow down the whole app (tested).
Could you explain this a little more? Ho
That's 16GB, and I wouldn't consider it cheap. Besides, our company is
renting the servers since we don't just put some machines down in our
private "bunker" ;)
But Leon, we're really getting off-topic here, so if you want to
discuss this issue further, feel free to drop me a line on my private
e
On 1/10/07, Darren <[EMAIL PROTECTED]> wrote:
> but if you remember how this thread
> started, the author of the article and OP suggested in his article to
> put an apache / iis in front of tomcat to INCREASE security
No I didn't, but if that's how you interpreted the section on
'running on port
On 1/10/07, Gregor Schneider <[EMAIL PROTECTED]> wrote:
> hmm, haven't you said you have 300.000 files? I don't know how large
> your files actually are, but assuming 100K a fairly large size you 'll
> need ~30 Gb of RAM to cache them all. Now a machine with 32 Gb of RAM
> is pretty cheap nowerda
but if you remember how this thread
started, the author of the article and OP suggested in his article to
put an apache / iis in front of tomcat to INCREASE security
No I didn't, but if that's how you interpreted the section on
'running on port 80' then it needs to be reworded accordingly.
h
Markus,
Therefore - IMO - a claim like "i'm just saying that nobody should worry about
this combination" is useless (maybe even dangerous) without the "ifs" you've
come up with now, full stop.
OK, we absolutely disagree on that one - so can we leave it at that?
You got the honor of the final w
Hi Leon,
I think we both now can agree that there are millions of absolutely
valid reasons
to run a httpd-tomcat combination, but that security isn't among them :-)
Ok?
Absolutely!
hmm, haven't you said you have 300.000 files? I don't know how large
your files actually are, but assuming 100
On 1/10/07, Mikolaj Rydzewski <[EMAIL PROTECTED]> wrote:
Leon Rosenberg wrote:
> Still, since you can guarantee that everything is in memory if you
> customize your webapp, and apache httpd simply relies on the file
> system cache which has its own behaviour, not designed for your
> webapp, a si
On 1/10/07, Gregor Schneider <[EMAIL PROTECTED]> wrote:
Hi Leon,
On 1/10/07, Leon Rosenberg <[EMAIL PROTECTED]> wrote:
>
> Aehm,
> the original thread was about security, and now you wrote "performs"
> better, which I assumed referred to "performance". If not - my fault
> :-)
>
Well, we moved ki
Mikolaj Rydzewski wrote:
> Leon Rosenberg wrote:
> >> Sure, I could write my own filters and pass the static content through
> >> them first, but that'd slow down the whole app (tested).
> >
> > Could you explain this a little more? How can it be that if you write
> > out something from memory it's
Gregor Schneider wrote:
> On 1/10/07, Markus Schönhaber <[EMAIL PROTECTED]> wrote:
> > Gregor Schneider wrote:
> > > that's definitely not the case.
> >
> > "Definitely"? Hm, again such an absolute claim of yours for which you
> > provide no facts to back it up.
>
> Markus:
> As I stated above: I
Leon Rosenberg wrote:
Still, since you can guarantee that everything is in memory if you
customize your webapp, and apache httpd simply relies on the file
system cache which has its own behaviour, not designed for your
webapp, a single filesystem "miss" will cost more time than you'll
ever win b
Hi Leon,
On 1/10/07, Leon Rosenberg <[EMAIL PROTECTED]> wrote:
Aehm,
the original thread was about security, and now you wrote "performs"
better, which I assumed referred to "performance". If not - my fault
:-)
Well, we moved kinda off-topic here, so you got me right.
What I actually wanted t
Hmm,
interesting reading.
Still, since you can guarantee that everything is in memory if you
customize your webapp, and apache httpd simply relies on the file
system cache which has its own behaviour, not designed for your
webapp, a single filesystem "miss" will cost more time than you'll
ever
On 1/10/07, Gregor Schneider <[EMAIL PROTECTED]> wrote:
Hi Leon,
On 1/10/07, Leon Rosenberg <[EMAIL PROTECTED]> wrote:
> > In *our* scenario I rather have Apache http in front because
> >
> > - it performs better
>
> What?
> You can argue that httpd doesn't decrease security, but talking about
>
Leon Rosenberg wrote:
Sure, I could write my own filters and pass the static content through
them first, but that'd slow down the whole app (tested).
Could you explain this a little more? How can it be that if you write
out something from memory it's slower than ask the filesystem which
could e
Hi Leon,
On 1/10/07, Leon Rosenberg <[EMAIL PROTECTED]> wrote:
> In *our* scenario I rather have Apache http in front because
>
> - it performs better
What?
You can argue that httpd doesn't decrease security, but talking about
it being fast??? Come on, you're kidding :-)
Sorry, but I don't get
On 1/10/07, Gregor Schneider <[EMAIL PROTECTED]> wrote:
> > OTOH, i'd rather have apache in
> > front than running tomcat on port 80 via jsvc or as a service.
>
> I'd like to repeat Chuck's question: why?
>
Plain and simple:
You also can misconfigure jsvc (ok, chances are pretty small...)
In *o
Hi Marcus,
On 1/10/07, Markus Schönhaber <[EMAIL PROTECTED]> wrote:
Gregor Schneider wrote:
OTOH there are very good reasons to use a httpd-Tomcat combination. Alas,
the "only reason" there "usually" is, as you said, I wouldn't count amongst
the good reasons. Tomcat serves static content just fin
Christopher Schultz wrote:
> Markus Schönhaber wrote:
> > You defend it yourself in the next paragraph you've written.
> >
> >> One could argue that more moving parts equals more complexity, and that
> >> complexity is an enemy of security (and I agree). However, there must be
> >> a balance. If g
Gregor Schneider wrote:
> On 1/9/07, Markus Schönhaber <[EMAIL PROTECTED]> wrote:
> > Did you read the article that is subject to this thread?
>
> yep
>
> > I don't think I understand how your post relates to mine.
>
> My post relates to yours and to some other posts here in that sense
> that you
On 1/9/07, Christopher Schultz <[EMAIL PROTECTED]> wrote:
Leon's message says flat out that adding Apache httpd reduces security,
and provides no basis for that statement. A more appropriate statement
might have been that Apache does not add any appreciable measure of
security as Tomcat provides
Darren,
Darren wrote:
> I think the 'running on port 80' section needs some rewording as I'm not
> advocating that putting IIS or apache in front of your tomcat
> installation will make it any more secure. As a sysadmin you may be
> asked to serve tom
Markus,
Markus Schönhaber wrote:
> You defend it yourself in the next paragraph you've written.
>
>> One could argue that more moving parts equals more complexity, and that
>> complexity is an enemy of security (and I agree). However, there must be
>
Andrew,
Andrew Miehs wrote:
> With Apache HTTPD you have the advantage of being able to do fine grained
> url/ IP access control.
I believe that Tomcat also has that capability. Am I wrong?
- -chris
> From: Gregor Schneider [mailto:[EMAIL PROTECTED]
> Subject: Re: Securing Tomcat Article for Review
>
> OTOH, i'd rather have apache in front than running
> tomcat on port 80 via jsvc or as a service.
Why?
- Chuck
Hi Markus,
On 1/9/07, Markus Schönhaber <[EMAIL PROTECTED]> wrote:
Did you read the article that is subject to this thread?
yep
I don't think I understand how your post relates to mine.
My post relates to yours and to some other posts here in that sense
that you (and others) stated that put
Did you read the article that is subject to this thread?
Gregor Schneider wrote:
> putting up apache in front of tomcat usually is not done due to
> security-reasons. however, doing so won't do any harm if you know what
> you're doing... ;)
Whatever you're doing, it's always a good idea to know
Things like:
Change files in CATALINA_HOME/conf to be readonly (400)
...
Rename CATALINA_HOME/conf/server.xml to ...
won't work for dummies (due to missing rights) if they'll follow the
guide step by step.
You're right, the ordering is perhaps a little confusing. The
article is not aimed sp
well,
putting up apache in front of tomcat usually is not done due to
security-reasons. however, doing so won't do any harm if you know what
you're doing... ;)
the only reason putting up apache in front usually is to serve static
content when running a high-load-web-app. besides, you can do quit
Christopher Schultz wrote:
> Leon Rosenberg wrote:
> > Also by using apache in front of tomcat you rather loose[sic]
> > security than gain it. At least this is my personal opinion :-)
>
> Would you care to defend that argument?
You defend it yourself in the next paragraph you've written.
> One
> From: Christopher Schultz [mailto:[EMAIL PROTECTED]
> I would argue that Apache httpd is quite mature and is trustworthy.
> Sure, you're not likely to run into a buffer overflow bug in
> Tomcat, but
> a bad configuration can open any server to attack. Is a bad Tomcat
> configuration alone any b
On 09/01/2007, at 5:20 PM, Christopher Schultz wrote:
Leon Rosenberg wrote:
Also by using apache in front of tomcat you rather loose[sic]
security than gain it. At least this is my personal opinion :-)
Would you care to defend that argument? Security in layers is
typically
an advantage.
O
Leon,
Leon Rosenberg wrote:
> Also by using apache in front of tomcat you rather loose[sic]
> security than gain it. At least this is my personal opinion :-)
Would you care to defend that argument? Security in layers is typically
an advantage.
One c
Who's the target audience?
Things like:
Change files in CATALINA_HOME/conf to be readonly (400)
...
Rename CATALINA_HOME/conf/server.xml to
CATALINA_HOME/conf/server-original.xml and rename
CATALINA_HOME/conf/server-minimal.xml to
CATALINA_HOME/conf/server.xml. The minimal configuration provides
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Subject: Securing Tomcat
>
> First I wondered why they were started as root process.
Only to allow access to ports below 1024. You can use iptables to
reroute ports, or use jsvc to start Tomcat with some other userid.
Google or search the