
Apache Tomcat Security Handbook

by
  • ISBN13: 9781861008305
  • ISBN10: 1861008309

  • Format: Trade Paper
  • Copyright: 2003-02-18
  • Publisher: Springer-Verlag New York Inc
List Price: $39.99

Table of Contents

Introduction 1(1)
Who Is This Book For? 1(1)
What This Book Covers 2(1)
What You Need to Use This Book 3(2)

Understanding Tomcat Security 5(18)
Vulnerability Overview 6(3)
Ten Most Common Security Problems 6(2)
Known Tomcat Vulnerabilities 8(1)
Installation 9(6)
Running Tomcat as a Service 10(1)
Using an Unprivileged User Account 11(1)
Using a Firewall 12(2)
Connector Management 14(1)
Default Tomcat Applications 15(6)
The Manager Application 16(2)
The Admin Application 18(1)
The examples Application 19(1)
The WebDAV Application 19(2)
Summary 21(2)

Tightening File System Screws 23(28)
Permissions 23(4)
The Heterogeneity of Permissions 24(1)
Windows Permissions 24(2)
NTFS Permissions 26(1)
Unix Permissions 27(1)
Users, Groups, and Owners 27(4)
Creating Users and Groups in Windows 28(1)
Creating Users and Groups in Unix 29(2)
Assigning Permissions 31(9)
Permissions in Windows 31(1)
Inherited Permissions 32(1)
Group Permissions 33(2)
Verifying Permissions 35(1)
Command-line Permissions 35(1)
Permissions in Unix 36(1)
Unix versus Windows 37(1)
Changing Permissions 38(1)
Changing Ownership 39(1)
SUID/SGID Bits 39(1)
Planning Security Permissions 40(9)
Use the Latest Version 40(1)
Separate Tomcat Account 40(1)
Suggested Account Settings for Unix 40(1)
Suggested Account Settings for Windows 41(1)
Starting Tomcat as a Service 42(3)
Configuring File Permissions 45(2)
Issues Related to tomcat-users.xml 47(1)
Disable the UserDatabaseRealm 48(1)
Read-only Webapps Directory 48(1)
Secure Your Files 48(1)
Knowing If You've Been Violated 49(1)
Read-Only File Systems 49(1)
Summary 49(2)

Java Security Manager 51(36)
Security Manager Features 52(3)
Configuring the Security Policy File 55(6)
Policy File Format 55(1)
keystore Entry 55(1)
grant Entry 56(3)
Property Expansion in Policy Files 59(2)
Java Security Permissions 61(1)
Why Tomcat Needs the Security Manager? 62(1)
Configuring Tomcat with the Java Security Manager 63(21)
Tomcat's Policy File 64(1)
System Code Permissions 64(1)
Catalina Code Permissions 65(1)
Web Application Permissions 66(2)
java.util.PropertyPermission 68(1)
java.lang.RuntimePermission 69(4)
java.io.FilePermission 73(2)
java.net.SocketPermission 75(1)
java.net.NetPermission 76(1)
java.lang.reflect.ReflectPermission 77(1)
java.security.SecurityPermission 78(2)
java.security.AllPermission 80(1)
Debugging Java Security Manager Installation 81(1)
Installation Check 82(2)
Summary 84(3)

Security Realms 87(56)
Realms 87(1)
Security and Web Applications 88(9)
Authentication Mechanisms 89(1)
HTTP Basic Authentication 89(1)
HTTP Digest Authentication 90(1)
Form-Based Authentication 90(2)
HTTPS Client Authentication 92(2)
Using HTTP Basic and Form-based Authentication over SSL 94(1)
Choosing an Authentication Mechanism 94(1)
Authorization: Security Models for Web Applications 95(1)
Container-Managed Security 95(1)
Programmatic Security 96(1)
Pros and Cons of Container-Managed Security (Realms) 97(1)
Tomcat's Realms 97(5)
Adding Security Constraints to Web Applications 99(2)
Single Sign On (SSO) for Web Applications 101(1)
Security Considerations for Single Sign On 101(1)
Memory Realm 102(5)
Configuration 102(1)
Adding a User 103(2)
Using Encrypted Passwords 105(1)
Choosing between MD5 and SHA 106(1)
Deleting a User 107(1)
Pros and Cons of Memory Realms 107(1)
UserDatabase Realm 107(10)
Configuration 107(2)
Adding a Role 109(2)
Adding a User 111(1)
Using Encrypted Passwords 112(3)
More on UserDatabases: Using the UserDatabase API 115(1)
Pros and Cons of UserDatabase Realms 116(1)
JDBC Realm 117(9)
Configuration 117(6)
Adding a User 123(1)
Adding a Role 124(1)
Deleting a User 124(1)
Deleting a Role 125(1)
Pros and Cons of JDBC Realms 125(1)
JNDI Realm 126(8)
Configuration 127(3)
Attributes of the JNDI Realm 130(3)
Adding Roles and Users 133(1)
Remove a Role or a User 133(1)
Pros and Cons of JNDI Realms 133(1)
JAAS Realm 134(5)
Configuration 135(3)
Adding or Deleting Users and Roles 138(1)
Developing Custom Realms 138(1)
Choosing a Realm Implementation 139(1)
Performance 139(1)
Security 139(1)
Add/Change Users, Roles Without Restarts 139(1)
Manageability 139(1)
Custom Management Applications 140(1)
Summary 140(3)

Secure Sockets and Tomcat 143(38)
PKI 144(5)
What is PKI? 144(1)
Encryption 144(1)
Symmetric 144(1)
Asymmetric 145(1)
Digital Certificates 145(1)
Certificate Authorities 146(2)
Certificate Chains 148(1)
Digital Signatures 149(1)
SSL 149(2)
What is SSL? 149(1)
Why is SSL Needed? 150(1)
How it Works 150(1)
Why Tomcat and SSL? 151(1)
Configuring Tomcat and SSL 152(12)
JSSE Install 153(2)
JDK keytool Utility 155(1)
Creating a New Keystore from Scratch 155(2)
The Cacerts Keystore 157(1)
Generating a Certificate Signing Request 158(1)
Trusting a Certificate Authority 159(1)
Importing a Certificate into a Keystore 160(1)
Configuring an HTTPS Connector 161(2)
Installation Caveats 163(1)
Known Issues 164(1)
SSL Web Resource Protection 164(4)
WidgetWorld 165(1)
Looking at web.xml 165(1)
Looking at server.xml 166(2)
SSL and Apache 168(5)
Installing mod_ssl 170(3)
SSL and AJP 173(4)
Overview of AJP 173(1)
Overview of mod_jk 173(1)
Installing mod_jk 173(2)
SSH Tunneling 175(1)
Establishing the Tunnel 175(1)
Configuring mod_jk 176(1)
Caveats 177(1)
Ongoing SSL Management 177(1)
Summary 178(3)

Application Security 181(28)
What is Application Security? 181(2)
Validation 183(6)
Using Regular Expressions 183(2)
Obscure Form Data Values 185(3)
SSL Protocol Validation 188(1)
Cookies and Session IDs 189(4)
Minimize Cookie Usage 189(1)
Cookie Validation 190(1)
Using Sessions with JSESSIONID 191(2)
SQL Security 193(6)
Securing Connection Parameters 193(3)
Prepared Statements 196(2)
Stored Procedures 198(1)
Securing Your Java Package 199(3)
Java.security 199(1)
Protecting Packages 199(3)
Known Issues 202(4)
The Default Invoker Servlet 202(2)
Symbolic Links 204(1)
JK Synchronization 205(1)
Protecting WEB-INF 205(1)
Summary 206(3)

Appendix: Support, Errata, and Code Download 209(4)
How to Download the Sample Code for the Book 209(1)
Errata 210(1)
E-Mail Support 210(1)
p2p.wrox.com 211(2)

Index 213
