> From: Richard G Curry [mailto:rgcurry@jcpenney.com]
> Subject: RE: Protecting static resources in IIS
> > > > From: Rob Gregory [mailto:Rob.Gregory@ibsolutions.com]
> > > > Subject: RE: Protecting static resources in IIS
> > > > Would that then result in having to run Tomcat/Apache/IIS as
> > > > root/system rather than a restricted user?
> > > Yes.
> > That sounds like a really bad idea.
> How so? What am I missing?
Basic security philosophy, known as the principle of least privilege. Running as root/system
is like walking around with a "kick me" sign; just wait till the hackers break into your IIS
box running that way...
- Chuck