To prevent malicious parties and viruses from sniffing your password each time you deploy your applications or new content, it is important that you use a secure communication method.
It is important to never use Tomcat's default BASIC Authentication when accessing the Tomcat Manager over plain HTTP. We lock down all Tomcat instances to use HTTP DIGEST Authentication which prevents your password from being sent as plain text.
For the best security, we recommend you always use end-to-end encryption (FTP-SSL, SFTP, RSync over SSH, SSL/TLS for Tomcat Manager) to upload your applications, as this not only prevents password sniffing, but also ensures you are not sending sensitive files which may contain passwords or your intellectual property over a plain-text connection (eg: context.xml, hibernate config).
Secure Deployment | All Plans |
Tomcat Manager - Deploy WARs directly from your browser - Reload new versions and new applications on demand - Available over SSL/TLS if you have an SSL certificate - Secured with HTTP-DIGEST Authentication enhanced security, not BASIC Authentication which is standard on other hosts, VPS and cloud systems |
|
Admin Console (SSL/TLS) - Deploy WAR files or project files via our control panel conveniently over SSL using your browser, for increased security compared to Tomcat Manager |
|
FTPS (FTP-SSL/TLS) - Upload webapps, manage tomcat, logs and other files - Legacy FTP also available to support your older clients which still require training, but we recommend you move them over to FTPS after transferring their sites to our environment - Only PCI compliant ciphers are used |
|
SFTP - Upload webapps, manage tomcat, logs and other files |
|
RSync over SSH - Sync your files automatically over an SSH tunnel |
|
Secure Online DB Administration - Manage your databases from your browser over SSL/TLS with phpMyAdmin and phpPgAdmin |
|
Secure External DB Connection - Safely retrieve or upload private or financial data to your databases from your office over SSH/SSL - Utilise online databases for shared desktop applications on the cloud/internet (multiple offices, sports clubs) |