
how secure is tomcat

As can be seen from two other questions I had, I am looking for a secure web server, as there was discussion at work about how safe Tomcat really is. But basically what I found on the net regarding how safe it is is Greek to me. So I was hoping someone could explain to me how safe Tomcat really is. Like, is it possible to mess with Java code on the server or something like this?

I know this is probably a dumb question, but I really can't seem to find an answer that helps me argue that writing one's own server is not safer than using Tomcat, or how it might be better to use Tomcat.

Maybe someone knows a good way to secure Tomcat and to minimize certain functions of Tomcat? (I really dunno how else to explain it ...)

I hope you can help me. Thanks in advance!

... dg

doro asked Jun 12 '09 11:06


2 Answers

Writing your own server? As opposed to using Tomcat? That is a classic case of reinventing the wheel and (unless you are the NSA) likely to result in a less secure server. Rhetorical question: Why not write your own OS to go with it!

Tomcat 6 is a very mature, stable, current, well understood code base that has had zillions of very, very smart people reviewing it, testing it, and operating it in production for years and years.

Tomcat is very secure.

Stu Thompson answered Oct 29 '22 00:10


Maybe before, Tomcat was pretty insecure, but nowadays... just anything having Apache under its name is enough for me to trust it. Anyway, security was ALWAYS imagination; there is no such thing existing in real life, so there will always be a factor of (in)security.

The problem with Tomcat is like the problem with Windows: no matter how 'secure' they build it, if there are millions of people out there using it, hackers will have an interest in investing their energy (and eventually, they will succeed) in finding a way to break into it. So maybe to feel more secure, you can consider using something not widely used, but this will not help if a hacker is intentionally hacking your site for some special reason; he will find out the technology you are using, and at that moment it would be better if it was Tomcat.

That is why it is very important to 'get married' to open-source technologies like Tomcat, since there is not a big chance for a hole in the system to live long; people have a chance to fix things, you can always do the job yourself, you do not have to wait for a new version, etc.

ante.sabo answered Oct 29 '22 01:10