You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by "Ian Kallen <iank@covalent.net>" <ia...@covalent.net> on 2001/03/28 00:15:19 UTC

ajp1X protocol security

I'm just recently getting more intimate with Tomcat's architecture and I'm
wondering what provisions and plans are in place for security in the
protocols btw http servers and the servlet engine.  What are the
vulnerabilities now and how are people using Tomcat in production
protecting themselves?  Firewalling access to ports 8007/8009?  Sorry if
this is a FAQ, I just didn't a clear definition of the status and the
future plans documented anywhere.

cheers,
-Ian

--
Ian Kallen <ia...@covalent.net> | AIM: iankallen