|
security settings for Tomcat or Apache
I'm using Tomcat server for my application written in JSP. But my computer must be protected against any attack.What are the special settings for the strict security on Tomcat? Is the Apache more secure and how?
Thank you... |
you can use both of them together... when I set up tomcat I always disable the HTTP connection handlers in server.xml and use JK2 to connect apache and tomcat, then I can do things like access control etc. the same as static files in apache. In terms of being protected against remote attacks, use up-to-date versions of everything (apache, tomcat, openssl, openssh, etc.) and scan your own code carefully for programming mistakes. Also read up on iptables, and if you're paranoid, look at logcheck, tripwire and bastille. And be prepared to spend most of your time poring log files.
HTH B. |
| All times are GMT -5. The time now is 08:08 AM. |