Subject: RE: Protecting static resources in IIS
Date: Wed, 3 Nov 2010 09:12:41 -0000
From: "Rob Gregory"
To: "Tomcat Users List"

Totally agree with Chuck, I would not recommend running a web server as a root/system user.

> -----Original Message-----
> From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
> Sent: 02 November 2010 18:48
> To: Tomcat Users List
> Subject: RE: Protecting static resources in IIS
>
> > From: Richard G Curry [mailto:rgcurry@jcpenney.com]
> > Subject: RE: Protecting static resources in IIS
>
> > > > > From: Rob Gregory [mailto:Rob.Gregory@ibsolutions.com]
> > > > > Subject: RE: Protecting static resources in IIS
>
> > > > > Would that then result in having to run Tomcat/Apache/IIS as
> > > > > root/system rather than a restricted user?
>
> > > > Yes.
>
> > > That sounds like a really bad idea.
>
> > How so? What am I missing?
>
> Basic security philosophy, known as the principle of least privilege. Running
> as root/system is like walking around with a "kick me" sign; just wait till
> the hackers break into your IIS box running that way...
>
> - Chuck