Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "FAQ/Security" page has been changed by KonstantinKolinko: http://wiki.apache.org/tomcat/FAQ/Security?action=diff&rev1=9&rev2=10 Comment: Replace http://marc.theaimsgroup.com/ with http://marc.info/ <<Anchor(Q1)>>'''How do I use OpenSSL to set up my own Certificate Authority (CA)?''' - [[http://marc.theaimsgroup.com/?l=tomcat-user&m=106293430225790&w=2|Using OpenSSL to set up your own CA]]. + [[http://marc.info/?l=tomcat-user&m=106293430225790&w=2|Using OpenSSL to set up your own CA]]. <<Anchor(Q2)>>'''OH NO! PORT 8005 is available for anyone on localhost to shutdown my tomcat!''' See these 2 discussions. - * [[http://marc.theaimsgroup.com/?t=104396653200003&r=1&w=2|Possible to switch off tcp/ip server shutdown?]] + * [[http://marc.info/?t=104396653200003&r=1&w=2|Possible to switch off tcp/ip server shutdown?]] - * [[http://marc.theaimsgroup.com/?t=103126643200005&r=1&w=2|Tomcat shutdown & security]] + * [[http://marc.info/?t=103126643200005&r=1&w=2|Tomcat shutdown & security]] <<Anchor(Q3)>>'''What about Tomcat running as root?''' See these threads: - * [[http://marc.theaimsgroup.com/?t=104516038700003&r=1&w=2|Tomcat as root and security issues]] + * [[http://marc.info/?t=104516038700003&r=1&w=2|Tomcat as root and security issues]] <<Anchor(Q4)>>'''How to I force all my pages to run under HTTPS?''' - [[http://marc.theaimsgroup.com/?l=tomcat-user&m=104951559722619&w=2|Use security-constraint in web.xml]]. + [[http://marc.info/?l=tomcat-user&m=104951559722619&w=2|Use security-constraint in web.xml]]. <<Anchor(Q5)>>'''What is the default login for the manager and admin app?''' @@ -54, +54 @@ <<Anchor(Q7)>>'''How do I use jsvc/procrun to run Tomcat on port 80 securely?''' - Fairly easily ;) See the Setup page in the docs for your tomcat release, and read [[http://marc.theaimsgroup.com/?l=tomcat-user&m=108566020231438&w=2|this mailing list post]] for a complete setup example with permissions etc. + Fairly easily ;) See the Setup page in the docs for your tomcat release, and read [[http://marc.info/?l=tomcat-user&m=108566020231438&w=2|this mailing list post]] for a complete setup example with permissions etc. <<Anchor(Q8)>>'''Has Tomcat's security been independently analyzed or audited?''' - Yes, by numerous organizations and individuals, many times. Try [[http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=is+tomcat+secure|this Google search]] and you'll see many references, guides, and analyses. + Yes, by numerous organizations and individuals, many times. Try [[http://www.google.com/search?q=is+tomcat+secure|this Google search]] and you'll see many references, guides, and analyses. <<Anchor(Q9)>>'''How do I change the Server header in the response?''' --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
