tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <>
Subject [Tomcat Wiki] Update of "FAQ/Security" by KonstantinKolinko
Date Sat, 09 Feb 2013 17:46:12 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "FAQ/Security" page has been changed by KonstantinKolinko:

Add links to pages at

  === Role of Customization ===
  We believe, and the evidence suggests, that Tomcat is more than secure enough for most use-cases.
However, like all other components of Tomcat, you can customize any and all of the relevant
parts of the server to achieve even higher security. For example, the session manager implementation
is pluggable, and even the default implementation has support for pluggable random number
generators. If you have a special need that you feel is not met by Tomcat out of the box,
consider these customization options. At the same time, please bring up your requirements
on the user mailing list, where we'll be glad to discuss it and assist in your approach/design/implementation
as needed.
+ === Links ===
+  * Known vulnerabilities [[]]
+  * Security considerations (Apache Tomcat 7 documentation) [[]]
  == Questions ==
   1. [[#Q1|How do I use OpenSSL to set up my own Certificate Authority (CA)?]]

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message