Thanks for the prompt Reply. The tomcat is running on AIX 5.3 and the files are not publicly accessible. Its only accessible to few users.
But the user wants the username and password to be obscured. On Wed, Apr 22, 2009 at 5:43 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Tom-cat [mailto:jithu.m...@gmail.com] > > Subject: Avoiding username/password being logged into localhost access > > logs > > > > We are using Tomcat 5.0.27. > > No longer supported. > > > It has become a security issue as anyone with an > > account to the system can browse through the logs > > and find out the username and password of the users. > > Why are your log files publically accessible? You didn't tell us the > platform you're running on, but pretty much everything has ways to make > files/directories accessible only to select users. > > Is your Tomcat configuration accessible as well? > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
