Friday, September 16, 2005
Tomcat Security and Development
Often when I am doing development with Bodington on Tomcat I have very little security enabled in the application so that I can easily log in and so on. To slightly improve things I always make sure my development version of Tomcat is only listening on the loopback interface. To do this you just edit the connector section of your server.xml file:
<Connector
    port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" redirectPort="8443" acceptCount="100"
    debug="0" connectionTimeout="20000"
    disableUploadTimeout="true" address="127.0.0.1" />
Once you add in the address bit, only people on your machine will be able to access the Tomcat web server. Just remember that demoing things to other people becomes a little harder.