tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <>
Subject Re: Best practices question
Date Thu, 17 Oct 2002 18:33:42 GMT

A general rule of security is permit only what is
needed, and deny everything else.

Following that idea, only run Tomcat as root if you
are using it as a web server binding to a port less
than 1024.  Otherwise, run it from a non-privledged
account so that if there is a security issue the most
it should trash is your web server environment.


just my two cents . . . .

Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message