Securing Apache Tomcat for your Environment

A default Apache Tomcat installation is secure but each installation environment is different and may have additional security requirements. This presentation will examine the security configuration options available in Apache Tomcat, when to use them (and when not to use them) and the threats they might help mitigate. The rationale behind having resource passwords (eg for database access) in clear text in server.xml will also be discussed.