Martin van den Bemt at [EMAIL PROTECTED] wrote:

>>> down your server or delete your webapp or other data. You don't solve
>>> that problem with running as a separate user..
>>
>> Tomcat's ports are not visible from the outside. Only access is through
>> apache - ie mod_jk ...
>
> do a telnet to your port 8007 or 8009 and you'll see what I mean..

It takes 5 minutes to write an AJP client that hacks into Tomcat. We started saying this in 1998, when we released Apache JServ 1.0 and I cry to see that still today people do not think about it...

(BTW, in AJP version following the original, the authentication mechanism was disabled because of performance issues - and because I wasn't there when they "designed" those)

Check out <http://www.apache.org/~stefano/papers/> in the 1998 section. (Both of them are quite nice readings, or at least I hope it will be as nice as it was writing them)

    Pier
