...
Supplied Web Applications
| Warning |
|---|
We recommend that you remove all supplied Tomcat |
...
The Manager Webapp is disabled by default.
| Warning |
|---|
Do not enable the Manager Webapp unless explicitly advised to do so by PhixFlow Supportweb applications as they are not required for PhixFlow's normal operation and constitute potential security loopholes. |
These are the supplies web apps, in more detail.
| Supplied Web Application | Description |
|---|---|
| ROOT | The ROOT web application presents a very low security risk but it does include the version of Tomcat that is being used. The ROOT web application should normally be removed from a publicly accessible Tomcat instance, not for security reasons, but so that a more appropriate default page is shown to users. |
| Documentation | The documentation web application presents a very low security risk but it does identify the version of Tomcat that is being used. It should normally be removed from a publicly accessible Tomcat instance. |
| Examples | The examples web application should always be removed from any security sensitive installation. |
| Manager | The Manager application allows the remote deployment of web applications and is frequently targeted by attackers due to the widespread use of weak passwords and publicly accessible Tomcat instances with the Manager application enabled. |
| Host Manager | The Host Manager application allows the creation and management of virtual hosts - including the enabling of the Manager application for a virtual host. |
Database JDBC Drivers
The drivers needed to connect to PhixFlow’s own database are included within the release pack and no action is needed.
...