tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rizwan Merchant <>
Subject tomcat manager security
Date Fri, 06 Oct 2006 14:52:31 GMT

Can someone give me some insight into how secure the tomcat manager page 
is on a production application? Currently we have an application running 
on the production box, and we also have the manager running (password 
protected of course) so that we can access the tomcat status pages to 
determine the memory usage and thread information. Is this safe to run 
this manager, or should I be disabling this to avoid someone hacking the 
manager page and potentially creating havoc..


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message