Tomcat is a great reference implementation of the Java EE specification and
is intended for desktop use by developers who are starting to learn about
Java EE or those who work on enterprise applications and need an EE server
for development. However, because Tomcat is free, it finds its way into
production environments. In this environment there are features of Tomcat
that don't pass security audit reviews. One of these features is the use of
clear text passwords in the server.xml file to create data sources. The
purpose of this article is to show how encryption of the username and
password can be implemented, thus closing a potential security vulnerability.
Configuring a container managed data source with Tomcat is easy and well
documented under the "JDBC DataSources" section of Tomcat's documentation
(this article uses Tomcat 5.0.28). The data source configuration inf...

Java's implementation of Remote Method Invocation (RMI) is easy to use and
powerful. Java makes setting up an RMI server an almost trivial task because
the JVM handles complex tasks such as networking and object serialization.
Once running, connecting client applications to the RMI server is also a
breeze.
There are numerous examples and how-to articles for client-to-server
communication (http://java.sun.com/developer/onlineTraining/rmi), but what
about the other way? Is it possible for an RMI server to actively communicate
with all the clients that are connected to it without t...

One of the great things about the Java programming language is the Open
Source community that provides great applications at little or no cost. An
example of this is Apache Tomcat, which provides a solid Web server for
development using servlet or JSP technology. Now that Web Service technology
is maturing, there's a potential for a whole scenario of applications to take
advantage of a Swing feature-rich thin client on the front-end coupled to the
data verification and business logic already developed in the Web or EJB
tier. Such applications are only viable if they can be secure,...