tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Running Tomcat on a webserver that is on a workgroup
Date Mon, 18 Jul 2011 22:29:36 GMT
Leo Donahue - PLANDEVX wrote:
> I've been informed that our web server is going to be disjoined from the domain and placed
on a workgroup.  Is this a trend?
> 
There is probably more to it than that.  Perhaps your webserver is being moved to some 
"demilitarised zone" (DMZ) behind some kind of firewall, and since that firewall will 
probably block SMB/CIFS/NetBios kinds of communications, effectively indeed it will no 
longer be able to participate in a Domain.

> I don't understand how Tomcat will be able to access resources from our domain, and vice
versa, unless I'm running Tomcat as a local account, and that same local account is created
on the other servers on the domain.
> 
It all depends what you mean by "resources".  It will still be able to access other hosts

via TCP (through the firewall, if the firewall allows it). But it will no longer be able 
to access "shares" or windows network printers e.g.

What kind of network resources does your webserver need ?

> It seems like I'm exploiting one security issue for another.
> 
(trading).
What is the security issue that this change is supposed to cure ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message