tomcat-users mailing list archives

From David Cassidy <dcass...@hotgen.com>
Subject Re: Why and How Tomcat before Apache?
Date Fri, 17 Aug 2001 15:54:10 GMT
Martin van den Bemt wrote:
> 
> > check out if you can do a rm -rf * from within java...
> 
> Yep works cool.. It saves a lot of work if I'm the admin, integrator and
> programmer at the same time ;-)), so those things don't slip through (we
> have a small team of programmers and all things are tested first.. a nice
> form to type in rm -f that also gets invoked will never get through ;-))

ouch !

> > Don't know if you can, don't know how well the JVM will
> > protect you but
> 
> Nope, if I want to do that, then it must work ;).. (we use all system
> options quite heavily, also admin of /etc/passwd etc, so we need access
> sometimes..)
> 
> > I run mine as a different user.
> 
> If you don't block 8007 and 8009 for unauthorized access, you will get a
> lot of bad packets (at least in 3.3 and ajp13, don't know what happens with
> older versions though). Someone eventually could find a bug and exploit and
> down your server or delete your webapp or other data. You don't solve that
> problem with running as a separate user..

Tomcat's ports are not visible from the outside. Only access is through
apache - ie mod_jk ...

> > Do you run your apache as root ?
> 
> Nope as nobody (which is also not completely safe on default installs,
> since it is also used by some daemons..)
> 

It's an interesting world isn't it !

Same programs, same os's but so many different ways ...

> Mvgr,
> Martin
> 
> > David
> >
> >
> > Martin van den Bemt wrote:
> > >
> > > Please tell me what is dangerous about running tomcat as root? I've taken
> > > the following security measures :
> > > port 8007 and 8009 is blocked from the outside (firewall)
> > > tomcat is not running on 8080 and only allowing communications from
> > > localhost (127.0.0.1).
> > > The only potential problem is that if a tomcat /apache bug is exploited,
> > > you potentially have a problem.
> > >
> > > Looks pretty solid to me though..
> > >
> > > Mvgr,
> > > martin
> > >
> > > > -----Original Message-----
> > > > From: david@carrot.hotgen.com [mailto:david@carrot.hotgen.com]On Behalf Of David Cassidy
> > > > Sent: Friday, August 17, 2001 4:54 PM
> > > > To: tomcat-user@jakarta.apache.org
> > > > Subject: Re: Why and How Tomcat before Apache?
> > > >
> > > >
> > > > unless you want to run your tomcat as root ( Very unwise )
> > > > make sure that you use a 'su' command in your
> > > > call to tomcat's start script...
> > > >
> > > >
> > > >
> > > > David
> > > >
> > > > Rui Miguel Seabra wrote:
> > > > >
> > > > > Just hack apachectl script to launch tomcat just before apache, and to
> > > > > shut it down right afterwards.
> > > > >
> > > > > On 17 Aug 2001 16:43:41 +0200, Roberto B. wrote:
> > > > > > Ok ! but.. do you know the way to make this in automatic ( with
> > > > > > scripts at system start ) ??
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Barnabas Yohannes" <yohannesb@hotmail.com>
> > > > > > To: <tomcat-user@jakarta.apache.org>
> > > > > > Sent: Friday, August 17, 2001 3:39 PM
> > > > > > Subject: Re: Why and How Tomcat before Apache?
> > > > > >
> > > > > >
> > > > > > > I cannot answer your "why" question, because, I am not one of the
> > > > > > > developers of apache or tomcat.  But here is the answer to your "how"
> > > > > > > question:
> > > > > > >
> > > > > > > *To stop and start your tomcat:
> > > > > > >
> > > > > > > cd /usr/local/tomcat
> > > > > > >
> > > > > > > bin/shutdown.sh
> > > > > > >
> > > > > > > bin/startup.sh
> > > > > > >
> > > > > > > *Exit from tomcat and go to your apache server:
> > > > > > >
> > > > > > > su
> > > > > > >
> > > > > > > /usr/local/apache/bin/apachectl restart
> > > > > > >
> > > > > > > exit
> > > > > > >
> > > > > > > * Another way of stopping and starting apache:
> > > > > > >
> > > > > > > bin/apachectl stop
> > > > > > > bin/apachectl start
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Roberto B." <roberto@ipermedianet.com>
> > > > > > > To: <tomcat-user@jakarta.apache.org>
> > > > > > > Sent: Friday, August 17, 2001 4:50 AM
> > > > > > > Subject: Why and How Tomcat before Apache?
> > > > > > >
> > > > > > >
> > > > > > > > I have a Linux/Debian system.
> > > > > > > > I want to use Apache as web-server and Tomcat only for JSP file.
> > > > > > > >
> > > > > > > > Is it true that it is necessary to make start Tomcat before Apache?
> > > > > > > > Why?.. and if it is true.. how??
> > > > > > > >
> > > > > > > > Thanks!
> > > > > > > > Roberto.
> > > > > > > >
> > > > > > > >
> > > > > >
> > > > > --
> > > > > + No matter how much you do, you never do enough -- unknown
> > > > > + Whatever you do will be insignificant,
> > > > > | but it is very important that you do it -- Gandhi
> > > > > + So let's do it...?
> > > >
> >
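
Added example (not part of the original messages): a shell check for the two conditions argued over in this thread, that ports 8007 and 8009 listen only on loopback and that no Tomcat JVM runs as root. The input shapes, function names and sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Ports 8007/8009 come from the thread; input shapes,
# function names and sample lines are constructed for illustration.
AJP_PORTS="8007 8009"

# stdin: one "ADDR:PORT" listener per line (IPv6 as "[addr]:port").
# Prints every AJP listener not bound to loopback; returns 1 if any exist.
exposed_ajp_listeners() {
    awk -v ports="$AJP_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            port = $1; sub(/^.*:/, "", port)       # text after the last colon
            host = $1; sub(/:[^:]*$/, "", host)    # text before the last colon
            sub(/^\[/, "", host); sub(/\]$/, "", host)
            if (!(port in want)) next
            if (host ~ /^127\./ || host == "::1") next
            print $1; bad = 1
        }
        END { exit (bad ? 1 : 0) }'
}

# stdin: "USER PID COMMAND..." lines, the shape of `ps -eo user,pid,args`.
# Prints the PID of each root-owned process whose command line mentions
# tomcat or catalina; returns 1 if any exist.
root_owned_tomcat() {
    awk '$1 == "root" && tolower($0) ~ /tomcat|catalina/ { print $2; bad = 1 }
         END { exit (bad ? 1 : 0) }'
}

# Constructed sample data, not captured from a real host.
SAMPLE_LISTENERS='127.0.0.1:8009
0.0.0.0:8007
[::1]:8009
0.0.0.0:80'
SAMPLE_PS='root 412 java -cp /usr/local/tomcat/lib/tomcat.jar org.apache.tomcat.startup.Main
nobody 430 /usr/local/apache/bin/httpd
tomcat 512 java org.apache.tomcat.startup.Main'

printf '%s\n' "$SAMPLE_LISTENERS" | exposed_ajp_listeners \
    || echo "AJP listener reachable beyond loopback"
printf '%s\n' "$SAMPLE_PS" | root_owned_tomcat \
    || echo "Tomcat JVM running as root"
```

On a live host the listener list can be taken from the local-address column of `ss -ltn` and the process list from `ps -eo user,pid,args`.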
