Dangerous. You should run tomcat as a non-root user, no login, no shell. The reason Apache is involved is because we want Apache to serve static pages.
-----Original Message----- From: Mike Millson [mailto:[EMAIL PROTECTED] Sent: October 14, 2004 9:58 AM To: Tomcat Users List Subject: Re: mod_jk2 Ready/Recommended For Production? On Thu, 2004-10-14 at 05:56, Antony Paul wrote: > Do you mean Apache dont have any security holes. I dont know about > hacking a system. But in terms of security Tomcat is far better than > Apache since it dont have any security vulnerabilities. > But if you run tomcat standalone, you have to run tomcat as root. Apache does not run as root, so if you run Apache in front of tomcat, you can avoid exposing the root account. Mike --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:416e85e7242988496385758!