aspose file tools*
The moose likes Tomcat and the fly likes A common question of Apache-Tomcat security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "A common question of Apache-Tomcat security" Watch "A common question of Apache-Tomcat security" New topic
Author

A common question of Apache-Tomcat security

Jorma Ikonen
Ranch Hand

Joined: Sep 17, 2001
Posts: 49
Hi guys,
I'm developing a system what consists of applet, servlet and servers. The aim is that the applet makes an encrypted connection to the servlet what further creates a socket-connection to the selected servers.
The Apache-Tomcat is running on DMZ-area and only the port 80 is opened to out-direction. This should be ok, but the socket-connection requires also that the firewall is opened to in-direction. The question is that how huge security hole we are drilling? The servlet itself is / should be secure, but how about other issues (Tomcat configuration, operating system, etc.)? Used Apache-Tomcat version is 4.0.3 and operating system is Windows 2000 Pro .
If assuming that the web-server itself is secure, should I build up a process "watchdog" what closes the firewall automatically in case of web-server fall-down. Further, is there any available software to do that?
Thanks in advance.
Regards,
Jorma
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: A common question of Apache-Tomcat security