Jay, on what operating system? On Linux, running Tomcat (or any other web
server) as root introduces security problems, yes. When an exploit is
discovered in Tomcat, the consequences are severe if Tomcat runs as root.
If it runs as a no-privilege user such as nobody (or in our case, jBoss
user), the damage is quite contained (usually). This way, it can't modify
itself to have new "features" added by hackers and it can't access critical
system resources, like your password files.
This has nothing to do with Tomcat. It's standard practice not to allow a
server process to run as root. You can use ipchains to let Tomcat, not
running as root, listen on port 80.
Jim
--On Thursday, June 28, 2001 1:36 PM -0400 Jay Walters
<[EMAIL PROTECTED]> wrote:
> In order to listen on port 80 with tomcat does one need to run Jboss as
> root? Does this present a security hazard - does Tomcat have any odd
> backdoors. Is jetty any different?
>
> Cheers
> Jay
>
> _______________________________________________
> Jboss-development mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-development
********************************************
I shall be telling this with a sigh
Somewhere ages and ages hence:
Two roads diverged in a wood, and I -
I took the one less traveled by,
And that has made all the difference.
- Robert Frost, 1916
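
Added example, not part of the original messages or of the Tomcat/JBoss start scripts: a start-script preflight that refuses to launch the container as root or on a port below 1024, and prints the redirect rule root would install once so that port 80 reaches the unprivileged listener. The helper names, the 8080 listener port and the iptables variant are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: preflight checks for a servlet-container start script.
# Assumptions (not from the thread): the container listens on 8080 and
# the function names below are hypothetical.

# Succeeds only when the numeric UID passed in is not root (0).
uid_is_unprivileged() {
    [ "$1" -ne 0 ] 2>/dev/null
}

# Succeeds when the port is numeric and bindable without root (1024-65535).
port_is_unprivileged() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print (never execute) the rule that redirects public port $2 to the
# container's port $3. $1 selects the tool: ipchains, as named in the
# thread, or iptables, its successor on later kernels.
redirect_rule() {
    port_is_unprivileged "$3" || return 1
    case "$1" in
        ipchains) echo "ipchains -A input -p tcp -d 0.0.0.0/0 $2 -j REDIRECT $3" ;;
        iptables) echo "iptables -t nat -A PREROUTING -p tcp --dport $2 -j REDIRECT --to-ports $3" ;;
        *) return 1 ;;
    esac
}

# preflight <uid> <listen-port>: fail closed before the JVM is started.
preflight() {
    uid_is_unprivileged "$1" || {
        echo "refusing to start: uid $1 is root" >&2
        return 1
    }
    port_is_unprivileged "$2" || {
        echo "refusing to start: port $2 needs root; redirect to it instead" >&2
        return 1
    }
    echo "ok: uid $1 may listen on $2"
}

# Typical use in a start script:  preflight "$(id -u)" 8080 || exit 1
```

Only the one-time rule installation needs root; the server process itself never does.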