Mark Eggers wrote:
In addition, it is best to run Tomcat on a non-priviledged port and use your OS' firewalling to redirect port x to port 80. (eg. iptables, etc.)Following that idea, only run Tomcat as root if you are using it as a web server binding to a port less than 1024. Otherwise, run it from a non-privledged account so that if there is a security issue the most it should trash is your web server environment.
If you must do something as root, such as admin work, I would run a seperate tomcat for those servlets and go learn about using SecurityManagers with Tomcat.
A.
--
Adam Sherman
Software Developer
Teach and Travel Inc.
+1.613.241.3103
--
To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
