...
| Info |
|---|
Per p11 of Center for Internet Security, Security Configuration Benchmark for Apache Tomcat 5.5/6.0 Version 1.0.0. |
Remove Server Information Details
...
Clear Text Passwords
When configuring resources such as JDBC, Tomcat only supports clear text username and password in server.xml. By default, if untarred per the BonsaiFramework instructions, server.xml will only be readable by serveradmin.
...