Tomcat server
You are responsible for security measures related to the Tomcat server.
To secure Tomcat, we recommend:
- Removing the manager application
- Turning off automatic unpacking and deployment of WAR files
- Using secure usernames and passwords
- Not exposing Tomcat directly to the Internet. Instead, consider implementing Apache HTTP Server or Microsoft IIS as a reverse proxy. See Reverse proxy considerations.