tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Stavrinides <>
Subject Tomcat 5 and 6 Security advise
Date Thu, 26 Jul 2007 07:51:01 GMT
Hi all,

I need some advice with regards to Tomcat security, my company is not 
convinced about Tomcat's security, I work for a financial institution so 
you might understand their paranoia.

My question is how best to secure a Java servlet that runs on Tomcat. 
Requests are routed through front end servers running Apache on separate 
physical machines. Should I configure in addition an Apache server 
locally or is Tomcat okay without it, my feeling is that this is not 

Tomcat uses a JDBC realm to connect to a database for authentication, we 
use SSL and the machines are pretty well locked down. Is there anything 
else that should be considered? Does Apache offer something extra so 
that Tomcat should run with its own Apache web server bearing in mind we 
use only Java.

Thanks for your help,

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message