tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Delbecq <de...@oma.be>
Subject Re: disable war deployment
Date Wed, 03 Jan 2007 13:12:57 GMT
En l'instant précis du 01/03/07 14:07, Mikolaj Rydzewski s'exprimait
dans toute sa noblesse:
> Stephan Schöffel wrote:
>> if someone is able to put a war file into the tomcat installed to
>> your computer he can do probably anything he wants to your computer.
> Use security manager.
>
And run tomcat within a a dedicated account having limited access to
system. (Like is done for apache servers if you do not want your users
to mess everything using CGI scripts)

Also, if you are under a unix environment, a chroot jail is a very
powerful tool.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message