Hi,
There are security implications for running *any* server process on *any*
port that is accessible by the public internet.
To run a server on UNIX/Linux on a port number of less than 1024 requires
root privileges. I would strongly recommend you do *NOT* run Tomcat as the
root user since if
.
- Original Message -
From: Chris Newland [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: 2001. december 6. 12:18
Subject: RE: security issue: tomcat on port 80
Hi,
There are security implications for running *any* server process on *any*
port that is accessible
--- Attila Szegedi [EMAIL PROTECTED] wrote:
Java VM actually shields you from buffer overflow attacks, since you cannot
overflow an array, let alone do it so that it overwrites code segments. So
in case of Tomcat (or any Java-written server), buffer overflow attacks are
out of question.
How safe is it to have tomcat listening on port 80
running on a RH6.2, which is on the internet ?
Did anybody face any security problems ever ?
From the conventional point of view, having things run on port 80 has
been dangerous because a proc has to have uid 0 to bind to the port.
Apache is
port
and placed behind the firewall. I feel much more secure running Tomcat than
IIS on Win32.
Jim
-Original Message-
From: Dr. Evil [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 06, 2001 1:48 PM
To: [EMAIL PROTECTED]
Subject: Re: security issue: tomcat on port 80
How safe