tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Donahue <donahu...@gmail.com>
Subject Re: Security Best Practices on Windows Service
Date Wed, 05 Nov 2014 20:19:24 GMT
On Wed, Nov 5, 2014 at 1:34 PM, Igal @ getRailo.org <igal@getrailo.org>
wrote:

> hi,
>
> what are the security best practices for running Tomcat as a Windows
> Service?
>
> is the local system account safe


Define safe.  LocalSystem has too many privs that a Tomcat service account
doesn't need in my opinion.

or am I better off creating a new user
> and giving it write permissions only to the Tomcat runtime folders and
> read permissions to the web contents folder?
>
>
In my previous employment, we did that.  Create a local user account and
set permissions to the Tomcat installation directory and optional
CATALINA_BASE (if you separated them).  We did not use domain accounts for
the Tomcat service account because the Tomcat service account did not need
access to network resources in our setup.  Create a strong password.

Leo

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message