File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes A common question of Apache-Tomcat security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "A common question of Apache-Tomcat security" Watch "A common question of Apache-Tomcat security" New topic

A common question of Apache-Tomcat security

Jorma Ikonen
Ranch Hand

Joined: Sep 17, 2001
Posts: 49
Hi guys,
I'm developing a system what consists of applet, servlet and servers. The aim is that the applet makes an encrypted connection to the servlet what further creates a socket-connection to the selected servers.
The Apache-Tomcat is running on DMZ-area and only the port 80 is opened to out-direction. This should be ok, but the socket-connection requires also that the firewall is opened to in-direction. The question is that how huge security hole we are drilling? The servlet itself is / should be secure, but how about other issues (Tomcat configuration, operating system, etc.)? Used Apache-Tomcat version is 4.0.3 and operating system is Windows 2000 Pro .
If assuming that the web-server itself is secure, should I build up a process "watchdog" what closes the firewall automatically in case of web-server fall-down. Further, is there any available software to do that?
Thanks in advance.
I agree. Here's the link:
subject: A common question of Apache-Tomcat security
It's not a secret anymore!