• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Hacking tomcat server

 
vijin das
Ranch Hand
Posts: 129
Firefox Browser Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
is it possible to hack a tomcat server running on a linux server machine ???

what about if it is running in windows server machine

beacause i have seen a website name http://keralatrconline.com is down most of the times its ticket booking link on that page is not able to access most of the times ....(that site is using tomcat )

what all measures to secure your sever if in linux and if in windows ???
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65124
91
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just because a server is down a lot doesn't mean that it's been "hacked".
 
vijin das
Ranch Hand
Posts: 129
Firefox Browser Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok there is a chance of that also but still my questions are valid ???
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65124
91
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Server security has multiple dimensions. Is there a particular one that you are concerned about?
 
vijin das
Ranch Hand
Posts: 129
Firefox Browser Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
no ..just want to know about the loop holes present if am running tomcat on specific os like in windows as well as in linux ...

or i need how to safe gurad your tomcat server in both of these operating systems...???
 
Lester Burnham
Rancher
Posts: 1337
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All operating systems and all servers have security holes that may or may not be exploitable under any given circumstances. Your best bet is to have a competent system administrator who keep all parts updated, sets up logging, monitoring and backups etc.

The web apps themselves are another attack vector; the http://faq.javaranch.com/java/SecurityFaq has a section on the Do's and Don'ts of those.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Because Java runs in a VM and the VM was designed for security, Java overall has a very good security track record.

Because Sun designed their various standards (including J2EE) with security in mind, J(2)EE has a very good security track record.

Tomcat itself has likewise proven to be quite secure.

Webapps, on the other hand, are probably insufficiently secure 95% of the time or more. It's difficult to secure a webapp even when using a reliable, well-designed, well-tested and mature security framework. And probably 90+% of the time people don't use those frameworks, they invent their own. And, as people here are doubtless tired of hearing, I've never yet encountered a DIY security framework that was actually secure.

But the sad, simple truth is that 90% of the web applications out there are crap. They don't need to be hacked to go down. They can do it all by themselves. And, while perfection is an impossible game, the rule of the day is "Git 'R Dun!". Never mind if it's reliable or secure. We want it pretty, we want it cheap, and we want it now.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic