tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <its_toas...@yahoo.com>
Subject Re: Best practices question
Date Thu, 17 Oct 2002 18:33:42 GMT
Randy,

A general rule of security is permit only what is
needed, and deny everything else.

Following that idea, only run Tomcat as root if you
are using it as a web server binding to a port less
than 1024.  Otherwise, run it from a non-privledged
account so that if there is a security issue the most
it should trash is your web server environment.

/mde/

just my two cents . . . .

__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message