tomcat-users mailing list archives

From "Rob Gregory" <Rob.Greg...@ibsolutions.com>
Subject RE: Protecting static resources in IIS
Date Wed, 03 Nov 2010 09:12:41 GMT
Totally agree with Chuck, I would not recommend running a web server as
a root/system user.

> -----Original Message-----
> From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
> Sent: 02 November 2010 18:48
> To: Tomcat Users List
> Subject: RE: Protecting static resources in IIS
> 
> > From: Richard G Curry [mailto:rgcurry@jcpenney.com]
> > Subject: RE: Protecting static resources in IIS
> 
> > > > > From: Rob Gregory [mailto:Rob.Gregory@ibsolutions.com]
> > > > > Subject: RE: Protecting static resources in IIS
> 
> > > > > Would that then result in having to run Tomcat/Apache/IIS as
> > > > > root/system rather than a restricted user?
> 
> > > > Yes.
> 
> > > That sounds like a really bad idea.
> 
> > How so? What am I missing?
> 
> Basic security philosophy, known as the principle of least privilege. Running
> as root/system is like walking around with a "kick me" sign; just wait till
> the hackers break into your IIS box running that way...
> 
>  - Chuck
> 
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org

