>I'm just recently getting more intimate with Tomcat's architecture and I'm
>wondering what provisions and plans are in place for security in the
>protocols between HTTP servers and the servlet engine. What are the
>vulnerabilities now and how are people using Tomcat in production
>protecting themselves? Firewalling access to ports 8007/8009? Sorry if
>this is a FAQ, I just didn't find a clear definition of the status and the
>future plans documented anywhere.
Welcome, Covalent ;)
I proposed some time ago to add stronger ACLs to ajp13, along
with many protocol add-ons.
ajp13 didn't use a login mechanism between Apache and TC.
Something to add.