tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Tomcat Security Problem
Date Thu, 26 Oct 2006 12:31:47 GMT

> i need tomcat to run/deploy only "known" applications. at startup the
> container should somehow realize that a certain app is a "not authorized
> one" and not load it.

You could turn off automatic deployment of WAR files and configure each
"known" application in your server.xml file. Just make sure that only
trusted people can edit the server.xml file and bring Tomcat up and down.


View raw message