tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodrigo Ruiz <>
Subject Re: Opinions
Date Fri, 31 Oct 2003 09:33:23 GMT
Also, depending on the amout of static content in your webapps, having 
an Apache as the front-end can perform better than a standalone tomcat. 
But this depends on numbers you have to get by yourself. Experimenting 
uses to be the best way ;-)


Vincent Aumont wrote:

> Fran├žois,
>> Oh, and last but not least, I didn't find a privilege separation 
>> method in tomcat (like in apache or ssh or postfix, or...). Perhaps 
>> am I wrong, but, if you want tomcat to run in unpriviledge 
>> environment, you have to make it bind to a public port (say 8080). I 
>> use iptables to redirect connections from 80 to 8080:
> No, you're right.  You can make Apache listen on port 80 while running 
> as root because it'll change the process' ownership when it opens a 
> new connection. There is no portable way of doing this in Java; 
> therefore, you have to run Tomcat as root if you want to make it 
> listen on port 80. Of course, that's a major security hole.
> I always front-end TC with Apache and use mod_proxy to achieve what 
> you're doing with iptables.
> -Vincent.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message