minfrin commented on pull request #382: URL: https://github.com/apache/tomcat/pull/382#issuecomment-735456090
> So you have shared machine where everyone can snoop on localhost? Since the socket files will be owned by a Tomcat system user you want to add HTTPd to that group to make it interact with Tomcat? Yes. In this particular example it's a mailserver, with a whole host of related daemons running. If any of the those daemons allows anything shady, open ports on localhost are an obvious target. This shuts this all down completely. You can get away with it if you use passwords, or session cookies, but in this case it's 100% certificates, and that creates a problem. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org