tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Context Path for a subdirectory
Date Sat, 01 Dec 2012 03:27:48 GMT
Hash: SHA1


On 11/30/12 7:07 PM, Leo Donahue - RDSA IT wrote:
>> -----Original Message----- From: Leo Donahue - RDSA IT
>> [] Sent: Friday, November 30,
>> 2012 5:02 PM To: Tomcat Users List Subject: RE: Context Path for
>> a subdirectory
>> The way the Server 1 is configured, there are accounts that the
>> rest/admin web app will take which let you do things like
>> shutdown the services and other stuff, if you were able to brute
>> force the rest/admin username/password.
> That would only do you any good if you knew the internal server
> name. But I have to protect from internal threats as well, right?

Now, you're thinking properly ;)

Just remember that you asked to be able to restrict by IP address.
Well, an internal threat might be able to come from that IP address,
so you might want credentials that can be relatively quickly revoked.
I suppose you could change the IP whitelist, but then maybe you'll
have to figure out what the new blessed IP will be...

- -chris
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools -
Comment: Using GnuPG with undefined -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message