I'm wondering if anyone has any suggestions on how to best set up Tomcat for
maximum security? Currently, I'm running Tomcat in a chrooted environment.
I see that there is also a way to run Tomcat as a non-root user. I'm
wondering what the best configuration is.
It seems like running it chrooted is probably the best way to go.
Also, I'm wondering how much of an issue buffer overflows are for Tomcat
considering it's written in Java, which as far as I know makes them close to
impossible. You would have to basically find an overflow in the JVM, right?
Any other suggestions on how Tomcat should be configured for security? i.e.
removing sample applications, etc.
Jon