--- David Smith <[EMAIL PROTECTED]> wrote: > That's an unsettling feeling. > > Never trust incoming form data, but if Tomcat is > running as a less > priveledged user, the potential damage from > malformed form data is reduced. > > I personally would never run a web app as root just > for the black hole of > security issues dealing with the outside internet. Do you create a 'tomcat' user? I'm assuming permissions or owner must be changed under /usr/local/jakarta-tomcat.... I installed tomcat as root, so all jakarta-tomcat files are owned by root. I haven't tried this, but I'm guessing there will be issues running tomcat under user 'tomcat' without changing persmissions/owner. Could you give a brief description of how you would do it? Thanks..... __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/
- Re: Why and How Tomcat before Apache? Barnabas Yohannes
- Re: Why and How Tomcat before Apache? Roberto B.
- Re: Why and How Tomcat before Apache? Rui Miguel Seabra
- Re: Why and How Tomcat before Apache? David Cassidy
- RE: Why and How Tomcat before Apache? Martin van den Bemt
- Re: Why and How Tomcat before Ap... David Cassidy
- Re: Why and How Tomcat befor... Roberto B.
- Re: Why and How Tomcat befor... David Cassidy
- Re: Why and How Tomcat befor... David Smith
- Re: Why and How Tomcat befor... Craig R. McClanahan
- Running Tomcat as a nonprivi... Doug Sparling
- Running Tomcat as a nonprivi... Johannes Lehtinen
- Re: Running Tomcat as a nonp... Pier P. Fumagalli
- Re: Running Tomcat as a nonp... Johannes Lehtinen
- mod_jk.log messages Aravind Naidu
- Re: Running Tomcat as a nonp... Doug Sparling
- Re: Running Tomcat as a nonp... Pier P. Fumagalli
- RE: Why and How Tomcat befor... Martin van den Bemt
- Re: Why and How Tomcat befor... David Cassidy
- RE: Why and How Tomcat befor... Martin van den Bemt
- RE: Why and How Tomcat befor... Martin van den Bemt
