On 11/02/2019 19:53, Christopher Schultz wrote: > https://people.apache.org/~schultz/Apache%20RoadShow%20DC%202019/Locking > -Down%20Apache%20Tomcat_outline.pdf
s/Default credentials/No default credentials/ Some Tomcat directories (logs, work) need to be writeable by the Tomcat user. Add the Manager app to the sharp edges. App deployment == RCE. App is biggest risk. HTH, Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org