[Tomcat Wiki] Trivial Update of "FAQ/Security" by KonstantinKolinko

Thu, 22 Mar 2012 06:00:52 -0700 

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "FAQ/Security" page has been changed by KonstantinKolinko:
http://wiki.apache.org/tomcat/FAQ/Security?action=diff&rev1=12&rev2=13

Comment:
Replace 6.0 links with 7.0 ones.

  <<Anchor(Q5)>>
  === What is the default login for the manager and admin app? ===
  
- The admin and manager application do not provide a default login. Doing so is 
a security flaw. You need to edit $CATALINA_HOME/conf/tomcat-users.xml if you 
are using the default install. 
[[http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html#Configuring%20Manager%20Application%20Access|Configuring
 Manager Application Access]]
+ The admin and manager application do not provide a default login. Doing so is 
a security flaw. You need to edit $CATALINA_HOME/conf/tomcat-users.xml if you 
are using the default install. 
[[http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Configuring%20Manager%20Application%20Access|Configuring
 Manager Application Access]]
  
  <<Anchor(Q6)>>
  === How do I restrict access by ip address or remote host? ===
  
- By using the {{{RemoteHostValve}}} or {{{RemoteAddrValve}}}. Warning, these 
valves rely on accurate incoming ip addresses or hostnames. So they can fall 
victim to spoofing! See also {{{RemoteIpValve}}}. 
[[http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html|Valve Reference 
Link]]
+ By using the {{{RemoteHostValve}}} or {{{RemoteAddrValve}}}. Warning, these 
valves rely on accurate incoming ip addresses or hostnames. So they can fall 
victim to spoofing! See also {{{RemoteIpValve}}}. 
[[http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html|Valve Reference 
Link]]
  
  <<Anchor(Q7)>>
  === How do I use jsvc/procrun to run Tomcat on port 80 securely? ===
@@ -71, +71 @@

  <<Anchor(Q9)>>
  === How do I change the Server header in the response? ===
  
- In `server.xml` - add a "server" attribute to the Connector element. 
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
+ In `server.xml` - add a "server" attribute to the Connector element. 
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
  
  
  <<Anchor(Q10)>>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to