Hi all,
I need some advice with regards to Tomcat security, my company is not
convinced about Tomcat's security, I work for a financial institution so
you might understand their paranoia.
My question is how best to secure a Java servlet that runs on Tomcat.
Requests are routed through front end servers running Apache on separate
physical machines. Should I configure in addition an Apache server
locally or is Tomcat okay without it, my feeling is that this is not
necessary.
Tomcat uses a JDBC realm to connect to a database for authentication, we
use SSL and the machines are pretty well locked down. Is there anything
else that should be considered? Does Apache offer something extra so
that Tomcat should run with its own Apache web server bearing in mind we
use only Java.
Thanks for your help,
Peter
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
