> Is there any vulnerability on the use of Nutch that
> could let a server vulnerabile?
> The use of tomcat, for example, on port 8080 can
> let the server vulnerabile?
> Is there a way to make the server secure?
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
Michael Ji wrote:
> No particular vunerable higher than the case you
> running a web server, if I am not wrong;
> tomcat is same as a webserver except JSP is its' core
I would suggest following any instructions that Tomcat has
for locking it down. For instance, there is a conf setting
(the default servlet setup in conf/web.xml) to disallow
reading directories when a welcome page (index.html,
index.jsp, etc) is not present. v5.5 comes with the manager
webapp disabled and the admin webapp uninstalled. (I'm not
sure whether this practice started with v5.0)
The invoker servlet should be disabled (conf/web.xml) too.
I have not seen any discussion about the dumbo passwords in the
tomcat-users.xml in the default install for user tomcat and
role1. Just in case, my practice is to change those default
passwds. (These might be for examples.)