Securing the Tomcat Server

kklosson

I need to run my application as securely as possible. This means special configurations to the Tomcat server to invoke the catalina.policy file. Generally there are two files to be modified:

startupOptions.props file in AwareIM\bin
catalina.properties in C:AwareIM\Tomcat\Conf

I currently have a consultant setting this up for me and he's real close. But I'm curious if anyone has made these configurations and if you are willing to share anything.

Powerm

I have the same "problem" too, that's why we should have the latest Tomcat version installed with AwareIM...and not have to pay someone at each update. The installation of the https certificate is a pain. The first thing you have to secure is Tomcat being only available from localhost. The Tomcat Manager folder as well should not be available from the internet. Even most important, the sensitive data should be encrypted within MySql using SHA2 at least. Not hard to put in place but so boring and you have to start from scratch at each update.

hpl123

Yes please!!! Enough of us do this after every update so hoping this gets prioritized soon.

kklosson

Bumping this...

I have a really knowledgeable Tomcat consultant working to create a security policy for the Tomcat server, and he's struggling a bit. To implement security, one needs to tweak

startupOptions.props, and
catalina.policy

We come close but have been unable to get the settings just right, so if anyone out there has conquered this, please advise - my guy could use some help.

weblike

Hi,

Have you found a solution on this?

Thank you.

kklosson

No, I abandoned the effort.