Hello,

If I have changed the default admin & manager passwords and have a personal firewall preventing anything other than http & http:8080 access, is it still possible for people to view the tomcat-users.xml file? With only those two protocols open (plus udp 53 for dns) it should be impossible.
What is the best practice for running TC "hardened"? Run it as a separate user with read only? To implement jaas/how? Any recommendations, url would be appreciated. tia.