tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Eric Miller" <>
Subject Fw: Tomcat security questions
Date Thu, 20 Sep 2001 19:27:33 GMT
For some reason this didn't seem to go through the first time...


----- Original Message -----
From: "Jonathan Eric Miller" <>
To: "Tomcat User List" <>
Sent: Wednesday, September 19, 2001 10:11 PM
Subject: Tomcat security questions

> I'm wondering if anyone has any suggestions on how to best setup Tomcat
> maximum security? Currently, I'm running Tomcat in a chrooted environment.
> I see that there is also a way to run Tomcat as a non-root user. I'm
> wondering what the best configuration is.
> It seems like running it chrooted is probably the best way to go.
> Also, I'm wondering how much of an issue buffer overflows are for Tomcat
> considering it's written in Java which as far as I know makes them close
> impossible. You would have to basically find an over flow in the JVM,
> Any other suggestions on how Tomcat should be configured for security?
> removing sample applications, etc.
> Jon

View raw message