Solved

security risk using connection pool in Tomcat

Posted on 2004-08-26
387 Views
Last Modified: 2010-04-20
I configured a pool connection using Tomcat 5.0. I used a single highly privileged database account for the connection pool and put the plain username and password in the server.xml file. Am I at a security risk? If so, how do I fix it?
Question by:3v0luti0n
1 Comment
 
LVL 33

Accepted Solution

by:
shalomc earned 500 total points
ID: 11924612
Hey,
You sure have a security risk.
A. Make sure that the server is protected against unauthorized access from the internal network.
B. Disable or rename the Tomcat administration and management accounts.
C. Audit the database account's actual connections.
D. In your application, sanitize all of the input to avoid SQL injection and other bad stuff.
E. Place a hardened Apache with mod_jk or a hardened IIS with isapi_redirect in front of the Tomcat server - look at the Tomcat documentation for specific instructions - or place an Apache reverse proxy with mod_security in front of Tomcat.

ShalomC
0
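
A defender-side check for the situation in the question, as an added example that is not part of the original thread: it reads a server.xml, reports pool credentials stored in plain text in either the Tomcat 5.0 `<ResourceParams>` layout or the later attributes-on-`<Resource>` layout, and flags group/other read permission on the file. The privileged-account name list, the sample file and the function names are assumptions made for the example.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Assumption: default administrative account names on common databases.
PRIVILEGED = {"root", "sa", "sys", "system", "postgres", "admin"}

def pool_credentials(server_xml_text):
    """Return [(resource_name, username, has_plain_password)] for each pool."""
    root = ET.fromstring(server_xml_text)
    found = {}
    # Later Tomcat layout: credentials as attributes on <Resource>.
    for res in root.iter("Resource"):
        if "username" in res.attrib or "password" in res.attrib:
            found[res.get("name", "?")] = (res.get("username"), bool(res.get("password")))
    # Tomcat 5.0 layout: <ResourceParams> holding <parameter><name/><value/></parameter>.
    for rp in root.iter("ResourceParams"):
        params = {p.findtext("name", "").strip(): p.findtext("value", "").strip()
                  for p in rp.iter("parameter")}
        if "username" in params or "password" in params:
            found[rp.get("name", "?")] = (params.get("username"), bool(params.get("password")))
    return [(n, u, p) for n, (u, p) in sorted(found.items())]

def audit(path):  # returns a list of findings for one server.xml file
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o044:  # any read bit for group or other
        findings.append("server.xml readable by group/other (mode %o)" % mode)
    with open(path, encoding="utf-8") as fh:
        for name, user, plain in pool_credentials(fh.read()):
            if plain:
                findings.append("%s: plaintext password in file" % name)
            if user and user.lower() in PRIVILEGED:
                findings.append("%s: pool uses privileged account '%s'" % (name, user))
    return findings

# Constructed sample in the Tomcat 5.0 layout (not the poster's file).
SAMPLE = """<Server><Service><Engine><Host><Context path="/app">
  <Resource name="jdbc/AppDB" auth="Container" type="javax.sql.DataSource"/>
  <ResourceParams name="jdbc/AppDB">
    <parameter><name>username</name><value>root</value></parameter>
    <parameter><name>password</name><value>example-only</value></parameter>
  </ResourceParams>
</Context></Host></Engine></Service></Server>"""

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".xml") as fh:
        fh.write(SAMPLE); fh.flush()
        print("\n".join(audit(fh.name)))
```
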

Question has a verified solution.
