tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Francois Arcand <>
Subject Re: Securing servlets in an application
Date Mon, 21 Oct 2002 16:14:01 GMT

Lior Shliechkorn wrote:

>function SetDomain(d) { document.domain = d; }Hi,
>I need help in adding some extra security to the login servlet for my application. I wanted
to know how I can secure servlets without having to declare realms in Tomcat. I have a login
page that posts to a servlet, and I want to make that servlet secure?  The checking for user
and password is performed by a database, and from what I understood realms that are created
prompt a user for information once entering a secure area. Where can I read more information
about security, and what suggestions might you have for me to implement.
First, I recommend you run Tomcat with the SecurityManager:

Second, you can certainly use a secure transport when interacting with 
your Servlet:

see Servlet 2.4 section SRV.12.8 Specifying Security Constraint.

-- Jeanfrancois

>Do you Yahoo!?
>Y! Web Hosting - Let the expert host your web site

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message