tomcat-users mailing list archives

From Rodrigo Ruiz <rr...@gridsystems.com>
Subject Re: Opinions
Date Fri, 31 Oct 2003 09:33:23 GMT
Also, depending on the amount of static content in your webapps, having 
an Apache as the front-end can perform better than a standalone tomcat. 
But this depends on numbers you have to get by yourself. Experimenting 
is usually the best way ;-)

Rodrigo

Vincent Aumont wrote:

> François,
>
>
>> Oh, and last but not least, I didn't find a privilege separation 
>> method in tomcat (like in apache or ssh or postfix, or...). Perhaps 
>> I am wrong, but, if you want tomcat to run in unprivileged 
>> environment, you have to make it bind to a public port (say 8080). I 
>> use iptables to redirect connections from 80 to 8080:
>>  
>>
> No, you're right.  You can make Apache listen on port 80 while running 
> as root because it'll change the process' ownership when it opens a 
> new connection. There is no portable way of doing this in Java; 
> therefore, you have to run Tomcat as root if you want to make it 
> listen on port 80. Of course, that's a major security hole.
> I always front-end TC with Apache and use mod_proxy to achieve what 
> you're doing with iptables.
>
> -Vincent.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
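
The bind-then-drop pattern discussed in the quoted reply, as an added C example that is not part of the thread and not Apache's or Tomcat's code. The function names and the uid/gid 65534 for an unprivileged account are assumptions.

```c
#define _DEFAULT_SOURCE /* for setgroups() under strict -std modes */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Open a TCP listener on all interfaces; ports below 1024 need root. */
int bind_listener(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0), on = 1;
    struct sockaddr_in a;
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Switch to uid/gid permanently. Order matters: supplementary groups and
 * gid go first, uid last, because after setuid() they can no longer change. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Fail closed: if root can still be regained, the drop did not stick. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(void) {
    const uid_t uid = 65534; /* assumed id of an unprivileged account */
    const gid_t gid = 65534; /* assumed id of its group */
    int fd = bind_listener(80); /* the only step that needs root */
    if (fd < 0) { perror("bind_listener"); return 1; }
    if (drop_privileges(uid, gid) != 0) { perror("drop_privileges"); return 1; }
    /* The socket stays usable; request handling now runs unprivileged. */
    printf("listening on port 80 as uid %d\n", (int)getuid());
    close(fd);
    return 0;
}
```

The listening socket is opened before the drop, so the descriptor survives while the process can no longer bind further privileged ports or regain root.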


