> From: Tom-cat [mailto:jithu.m...@gmail.com] > Subject: Avoiding username/password being logged into localhost access > logs > > We are using Tomcat 5.0.27.
No longer supported. > It has become a security issue as anyone with an > account to the system can browse through the logs > and find out the username and password of the users. Why are your log files publically accessible? You didn't tell us the platform you're running on, but pretty much everything has ways to make files/directories accessible only to select users. Is your Tomcat configuration accessible as well? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
