tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Eric Miller" <jemil...@uchicago.edu>
Subject Fw: Tomcat security questions
Date Thu, 20 Sep 2001 19:27:33 GMT
For some reason this didn't seem to go through the first time...

Jon

----- Original Message -----
From: "Jonathan Eric Miller" <jemiller@uchicago.edu>
To: "Tomcat User List" <tomcat-user@jakarta.apache.org>
Sent: Wednesday, September 19, 2001 10:11 PM
Subject: Tomcat security questions


> I'm wondering if anyone has any suggestions on how to best setup Tomcat
for
> maximum security? Currently, I'm running Tomcat in a chrooted environment.
>
> I see that there is also a way to run Tomcat as a non-root user. I'm
> wondering what the best configuration is.
>
> It seems like running it chrooted is probably the best way to go.
>
> Also, I'm wondering how much of an issue buffer overflows are for Tomcat
> considering it's written in Java which as far as I know makes them close
to
> impossible. You would have to basically find an over flow in the JVM,
right?
>
> Any other suggestions on how Tomcat should be configured for security?
i.e.
> removing sample applications, etc.
>
> Jon
>
>


Mime
View raw message