Apache Tomcat boasts an impressive track record when it comes to security. According to the official Apache Tomcat Wiki Pages, there has never been a reported case of actual damage or significant data loss due to a malicious attack on any Apache Tomcat instance. Most vulnerabilities, both major and minor, are discovered by the Tomcat community itself or security researchers, and quickly patched. Thus, the default installation of Tomcat can be said to be "fairly secure".
Starting from this baseline, there are additional measures that can be taken to make Tomcat as secure as possible for a given use case. As with any security scenario, Tomcat security is a matter of balancing ease of use and access with restriction and hardening of access. For example, although it is technically more secure to disable Tomcat's deployment capabilities when moving to production, for many organizations the desire to automate deployment supersedes the security benefit of disabling these features. Continue reading “Improving Apache Tomcat Security – A Step By Step Guide” »
Secure Socket Layer (SSL) is a protocol that provides security for communications between client and server by implementing encrypted data and certificate-based authentication. Technically, the term "SSL" now refers to the Transport Layer ouSecurity (TLS) protocol, which is based on the original SSL specification.
SSL is one of the most common ways of integrating secure communication on the internet, as it is a mature protocol that is well-supported by every major browser and a number of well-respected organizations provide third party SSL authentication services.
If you're using Apache Tomcat, chances are that at least some of the data you're handling is sensitive, and SSL is an easy way to offer your users security. The good news is that Tomcat fully supports the SSL protocol. The bad news is that the configuration process and SSL itself can be a little confusing for first-time users.
Don't worry! To help you get SSL working with your Tomcat servers, we've assembled a simple, comprehensive, step-by-step guide to using SSL with Tomcat. From an overview of how the protocol actually works, to clear, simple configuration instructions, this guide will help you get SSL running on your server in no time.
Tcat eliminates tedious configuration tasks. Create the correct configuration a single time, save it to a server profile, and apply it to other instances (or groups of instances) with a single click. Try Tcat for free today! Continue reading “A Simple Step-By-Step Guide To Apache Tomcat SSL Configuration” »
This article outlines a procedure for installing Tomcat 6 in Debian Lenny. Keep in mind that this does not include Apache 2 installation or integration. Apache must be installed separately and integrated to work with Tomcat.
Add following line in sources list-
deb http://ftp.debian.org/debian/ squeeze non-free
Update and install java
apt-get install sun-java6-jdk sun-java6-jre libtcnative-1
Add the following at the end of the file: Continue reading “Install Tomcat 6 in Debian” »