tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Donahue - PLANDEVX <LeoDona...@mail.maricopa.gov>
Subject Securing Tomcat Manager auth-method
Date Mon, 26 Sep 2011 15:09:26 GMT
In light of the recent announcement, is securing Tomcat Manager with org.apache.catalina.valves.RemoteAddrValve
enough if we are using 127.0.0.1 or should I consider changing the manager auth-method from
BASIC to FORM and enable HTTPS as well?  Is running Tomcat as a Windows service considered
"insecure"?

leo

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message