Randy, A general rule of security is permit only what is needed, and deny everything else.
Following that idea, only run Tomcat as root if you are using it as a web server binding to a port less than 1024. Otherwise, run it from a non-privledged account so that if there is a security issue the most it should trash is your web server environment. /mde/ just my two cents . . . . __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>