×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Tomcat Query

Tomcat Query

Tomcat Query

(OP)
Hi guys,

our application security team recommended that we make 3 changes to enhance our application's security:

1. Ensure that the secure flag is set for cookies.
2. Ensure that the HTTPOnly flag is set for cookies
3. Disable all unnecessary methods in the web server config (PUT and DELETE)

To implement we did the following:

1.
In D:\apache\apache-tomcat-7.0.55 open the server.xml file.
Add below parameter (in bold) in server.xml under Connector port syntax:

<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="60000"
redirectPort="8443"
secure="true"/>

2.
In In D:\apache\apache-tomcat-7.0.55\conf open the context.xml file.
Add the below parameter in context.xml after Context:

<Context useHttpOnly="true">

3.
In In D:\apache\apache-tomcat-7.0.55\conf open the web.xml file.
insert a <security-constraint> element directly under the <web-app> element:


<security-constraint>
<web-resource-collection>
<web-resource-name>restricted methods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>

After we applied the above we rebooted the application server.
Since then though we have been unable to login to Clarity.

Can anyone please advise? Thanks.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close