Security Basics mailing list archives
Re: Tomcat 5.5 Admin webpage
From: Jeronimo Zucco <jczucco () ucs br>
Date: Thu, 07 Feb 2008 09:05:37 -0200
m.farid.shawara () gmail com wrote:
> Dear All :
> We have a system works with Tomcat 5.5.25 on port 443
> We used to use the application with the address https://servername
> To manage the application we are using the URL : https://servername/Admin
> The problem is that opening the page https://servername/Admin doesn't need any credentials !!!!
> When we asked the software house - they said that we can secure it by only enabling the localhost IP or any other IP in the server.xml file !!!
> I need to put a username/password technique on this Admin page - what is your advice ??
Set it in tomcat-users.xml:

<!--
  NOTE: By default, no user is included in the "manager" role required
  to operate the "/manager" web application. If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1" password="tomcat" roles="role1" />
  <user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>

--
Jeronimo Zucco
LPIC-1 Linux Professional Institute Certified
Núcleo de Processamento de Dados
Universidade de Caxias do Sul
http://jczucco.blogspot.com
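
Added example, not part of the original thread or of the vendor's application: accounts in tomcat-users.xml only take effect on /Admin once the web application's own WEB-INF/web.xml requires a role for that path. The role name "appadmin", the user name "opsadmin" and the password placeholder are assumptions, as is /Admin being served by the application's own webapp with Tomcat's realm reading conf/tomcat-users.xml.

```xml
<!-- Added example. Hypothetical names: role "appadmin", user "opsadmin". -->

<!-- 1) WEB-INF/web.xml of the application: require a role for /Admin -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin pages</web-resource-name>
    <!-- /Admin/* covers /Admin itself and everything below it -->
    <url-pattern>/Admin/*</url-pattern>
    <!-- no <http-method> elements: the constraint applies to every method -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>appadmin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC sends the credentials with every request; allow it over TLS only -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Application Admin</realm-name>
</login-config>

<security-role>
  <role-name>appadmin</role-name>
</security-role>

<!-- 2) conf/tomcat-users.xml: one account holding that role.
     Do not reuse the sample tomcat/tomcat style credentials. -->
<tomcat-users>
  <role rolename="appadmin" />
  <user username="opsadmin"
        password="REPLACE_WITH_LONG_RANDOM_PASSWORD"
        roles="appadmin" />
</tomcat-users>
```

After restarting Tomcat, a request to https://servername/Admin without credentials should be answered with 401 and a login prompt rather than the page.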