This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Tomcat and the fly likes Hacking tomcat server Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Hacking tomcat server" Watch "Hacking tomcat server" New topic
Author

Hacking tomcat server

vijin das
Ranch Hand

Joined: Jun 07, 2010
Posts: 129

is it possible to hack a tomcat server running on a linux server machine ???

what about if it is running in windows server machine

beacause i have seen a website name http://keralatrconline.com is down most of the times its ticket booking link on that page is not able to access most of the times ....(that site is using tomcat )

what all measures to secure your sever if in linux and if in windows ???


VIJINDAS
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61066
    
  66

Just because a server is down a lot doesn't mean that it's been "hacked".


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
vijin das
Ranch Hand

Joined: Jun 07, 2010
Posts: 129

ok there is a chance of that also but still my questions are valid ???
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61066
    
  66

Server security has multiple dimensions. Is there a particular one that you are concerned about?
vijin das
Ranch Hand

Joined: Jun 07, 2010
Posts: 129

no ..just want to know about the loop holes present if am running tomcat on specific os like in windows as well as in linux ...

or i need how to safe gurad your tomcat server in both of these operating systems...???
Lester Burnham
Rancher

Joined: Oct 14, 2008
Posts: 1337
All operating systems and all servers have security holes that may or may not be exploitable under any given circumstances. Your best bet is to have a competent system administrator who keep all parts updated, sets up logging, monitoring and backups etc.

The web apps themselves are another attack vector; the http://faq.javaranch.com/java/SecurityFaq has a section on the Do's and Don'ts of those.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16019
    
  20

Because Java runs in a VM and the VM was designed for security, Java overall has a very good security track record.

Because Sun designed their various standards (including J2EE) with security in mind, J(2)EE has a very good security track record.

Tomcat itself has likewise proven to be quite secure.

Webapps, on the other hand, are probably insufficiently secure 95% of the time or more. It's difficult to secure a webapp even when using a reliable, well-designed, well-tested and mature security framework. And probably 90+% of the time people don't use those frameworks, they invent their own. And, as people here are doubtless tired of hearing, I've never yet encountered a DIY security framework that was actually secure.

But the sad, simple truth is that 90% of the web applications out there are crap. They don't need to be hacked to go down. They can do it all by themselves. And, while perfection is an impossible game, the rule of the day is "Git 'R Dun!". Never mind if it's reliable or secure. We want it pretty, we want it cheap, and we want it now.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Hacking tomcat server