THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Wiki Markup \[#Q1 How do I use OpenSSL to set up my own Certificate Authority (CA)?\]
Wiki Markup \[#Q2 OH NO! PORT 8005 is available for anyone on localhost to shutdown my tomcat!\]
Wiki Markup \[#Q3 What about Tomcat running as root?\]
Wiki Markup \[#Q4 How to I force all my pages to run under HTTPS?\]
Wiki Markup \[#Q5 What is the default login for the manager and admin app?\]
Wiki Markup \[#Q6 How do I restrict access by ip address or remote host?\]
Wiki Markup \[#Q7 How do I use jsvc/procrun to run Tomcat on port 80 securely?\]
Wiki Markup \[#Q8 Has Tomcat's security been independently analyzed or audited?\]
Wiki Markup \[#Q9 How do I change the Server header in the response?\] \\
Answers
How do I use OpenSSL to set up my own Certificate Authority (CA)?
...
Wiki Markup |
---|
Yes, by numerous organizations and individuals, many times. Try \[http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=is+tomcat+secure this Google search\] and you'll see many references, guides, and analyses. |
How do I change the Server header in the response?
In server.xml - add a "server" attribute to the Connector element. http://tomcat.apache.org/tomcat-6.0-doc/config/http.html