Is your Tomcat Secure?

Apache Tomcat is the perfect application server for deploying your web applications in production. In fact, it also happens to be the only Java application server that has hardening guidelines published by the Center for Internet Security (CIS). CIS publishes hardening guidelines for widely used software to help enterprises protect their deployments. The very fact that they have hardening guidelines for Tomcat is a testament to its widespread popularity and usage.

So, how do you know if your Tomcat installation is secure? It's actually very easy. I will provide step-by-step instructions on evaluating whether your Tomcat is secure. If you find that you need to make changes, you can use Tcat Server to harden your Tomcat instance.

Tomcat Restarts: Is it a Big Deal?

While we like to believe that our application servers and web applications are flawless, the reality is that applications have bugs. Sometimes, they have nasty bugs, such as holding onto references and thus causing larger memory consumption over time. As a result, many IT operations have put in place processes to restart the application servers and web applications on a periodic basis. Some have written scripts to do this, and some rely on an administrator to wake up in the middle of the night to log in remotely to the server and do the restarts. Even if you have flawless web applications, you still need to restart your application server as a result of configuration changes and/or to deploy new versions of your web applications.