Security Basics mailing list archives

Re: Tomcat 5.5 Admin webpage


From: Jeronimo Zucco <jczucco () ucs br>
Date: Thu, 07 Feb 2008 09:05:37 -0200

m.farid.shawara () gmail com wrote:
Dear All: We have a system that works with Tomcat 5.5.25 on port 443

We used to use the application with the address https://servername
To manage the application we are using the URL :
https://servername/Admin

The problem is that opening the page https://servername/Admin
doesn't need any credentials!!!! When we asked the software house,
they said that we can secure it only by enabling the localhost IP
or any other IP in the server.xml file!!!

I need to put a username/password technique on this Admin page -
what is your advice??

Set it in tomcat-users.xml:

   <!--
     NOTE:  By default, no user is included in the "manager" role required
     to operate the "/manager" web application.  If you wish to use this app,
     you must define such a user - the username and password are arbitrary.
   -->
   <tomcat-users>
     <user name="tomcat" password="tomcat" roles="tomcat" />
     <user name="role1"  password="tomcat" roles="role1"  />
     <user name="both"   password="tomcat" roles="tomcat,role1" />
   </tomcat-users>



--
Jeronimo Zucco
LPIC-1 Linux Professional Institute Certified
Núcleo de Processamento de Dados
Universidade de Caxias do Sul

http://jczucco.blogspot.com
