Solved

security risk using connection pool in Tomcat

Posted on 2004-08-26
1
389 Views
Last Modified: 2010-04-20
I configured a pool connection using Tomcat 5.0. I used a single highly privileged database account for the connection pool and put plain username and password in server.xml file. Am I in security risk? If so, how do I fix it?
0
Comment
Question by:3v0luti0n
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 33

Accepted Solution

by:
shalomc earned 500 total points
ID: 11924612
Hey,
You sure have a security risk.
A. Make sure that the server is protected against unauthorized access from the internal network.
B. Disable or rename the Tomcat administration and management accounts.
C. Audit the database account actual connections.
D. In your application, sanitize all of the input to avoid SQL injection and other bad stuff.
E. Place a hardened Apache with mod_jk or a hardened IIS with isapi_redirect in front of the Tomcat server - look at the Tomcat documentation on specific instructions - or place an Apache reverse proxy with mod_security in front of Tomcat.

ShalomC
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question