Summary

In this chapter, you looked at various security topics with respect to Tomcat. First you looked at general security: removing or disabling the default Web applications and locking up the file system. Both of these procedures are common practice in all server installations, so they should fit into your general security policy without too much trouble.

Then you moved on to Tomcat-specific security. You examined Java’s security manager and its role in controlling access to system resources. Tomcat can take advantage of this feature to prevent Web applications from carrying out potentially dangerous actions. A rogue servlet could easily take down the file system if you don’t take measures to restrict access.

You then learned how to put realms into practice with Tomcat’s security constraints. You saw the different kinds of login mechanisms you can use, as well as their strengths and weaknesses. You then saw how to force SSL connections for groups of Web resources on the Tomcat server. SSL prevents third parties from listening in on your data transfers between the server and the client. When dealing with sensitive data, it’s always wise to use SSL. The final topic was securing the data channel between Tomcat and the client using Apache’s SSL abilities.



Pro Jakarta Tomcat 5
Pro Apache Tomcat 5/5.5 (Experts Voice in Java)
ISBN: 1590593316
EAN: 2147483647
Year: 2004
Pages: 94
