On 10/6/06, Rizwan Merchant <[EMAIL PROTECTED]> wrote:
Can someone give me some insight into how secure the tomcat manager page is on a production application? Currently we have an application running on the production box, and we also have the manager running (password protected of course) so that we can access the tomcat status pages to determine the memory usage and thread information.
You can restrict access to the manager by IP -- see: <http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html> HTH, -- Hassan Schroeder ------------------------ [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
