Hello,
From my experience the server is pretty good out of the box. Of concern is
what is done after it is installed as well as during the install. During the
install, the typical issues of rights and such need addressed as far as
securing the server. But putting the server aside and focusing on Tomcat.
If you enable the manager/admin follow practices for complex passwords.
Do not enable the invoker servlet.
For further reading:
http://tomcat.apache.org/faq/security.html
Doug
----- Original Message -----
From: "Stephen More" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Monday, October 16, 2006 8:22 PM
Subject: hardening and securing tomcat in a production environment
Is there a published list of items that need to be configured in order
to harden and secure tomcat in a production environment ? What items
need to be configured, and what items need to be removed ? I am
currently interested in version 5.5.
-Thanks
Steve More
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
