• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 398
  • Last Modified:

security risk using connection pool in Tomcat

I configured a pool connection using Tomcat 5.0. I used a single highly privileged database account for the connection pool and put plain username and password in server.xml file. Am I in security risk? If so, how do I fix it?
0
3v0luti0n
Asked:
3v0luti0n
1 Solution
 
shalomcCommented:
Hey,
You sure have a security risk.
A. Make sure that the server is protected against unauthorized access from the internal network.
B. Disable or rename the Tomcat administration and management accounts.
C. Audit the database account actual connections.
D. In your application, sanitize all of the input to avoid SQL injection and other bad stuff.
E. Place a hardened Apache with mod_jk or a hardened IIS with isapi_redirect in front of the Tomcat server - look at the Tomcat documentation on specific instructions - or place an Apache reverse proxy with mod_security in front of Tomcat.

ShalomC
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now