How do we start Tomcat programmatically using the Bootstrap.start() API if we need to pass the user?

On Thu, Jan 7, 2010 at 8:30 PM, Peter Crowther <peter.crowt...@melandra.com> wrote:

> 2010/1/7 Looijmans, Mike <mike.looijm...@oce.com>:
> > The current configuration is correct in terms of security - the 'SYSTEM'
> > user is a limited account that has no access to the desktop nor shared
> > network resources.
>
> Sorry to pick you up on this one, Mike, but I think you're thinking of
> Local*Service*, not Local*System*. LocalSystem has full
> administrative access to the local computer, including (for example)
> being able to write a rogue DLL to a spare directory, then amend the
> registry so that that DLL is loaded by every process that runs on the
> machine from this point onwards. Or create a new local account that
> *does* have desktop access and spawn a process running as that user.
> If you can compromise LocalSystem, you've got the machine.
>
> Windows' LocalSystem is very, very close to Unix's root. If you want
> a non-privileged account, use LocalService not LocalSystem. See, for
> example
> http://blogs.msdn.com/jmanning/archive/2008/04/06/localsystem-root-localservice-nobody.aspx
>
> - Peter

--
Sent from Karnataka, India
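
An added example, not part of the thread: one way to check which account a Tomcat Windows service logs on as and flag the LocalSystem case the quoted reply describes. The `*tomcat*` name pattern and the `Get-AccountRisk` helper are assumptions made for illustration.

```powershell
# Added example, not from the thread. The '*tomcat*' pattern is an assumption;
# substitute the service name used on your host.
$pattern = '*tomcat*'

# Hypothetical helper: map a service logon account to a coarse privilege level.
# switch -Regex matches case-insensitively by default.
function Get-AccountRisk {
    param([string]$StartName)
    switch -Regex ($StartName) {
        '^(\.\\|NT AUTHORITY\\)?(LocalSystem|SYSTEM)$' {
            'HIGH: full administrative access to the local computer'; break
        }
        '^NT AUTHORITY\\Local ?Service$' {
            'low: non-privileged built-in account'; break
        }
        default {
            "review: check this account's rights and group memberships"
        }
    }
}

# Win32_Service.StartName holds the account the service runs as.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like $pattern -or $_.DisplayName -like $pattern } |
    ForEach-Object {
        [pscustomobject]@{
            Service = $_.Name
            RunsAs  = $_.StartName
            State   = $_.State
            Risk    = Get-AccountRisk $_.StartName
        }
    } |
    Format-Table -AutoSize

# To move a service off LocalSystem, run from an elevated cmd.exe prompt and
# then restart the service (<ServiceName> is a placeholder):
#   sc.exe config <ServiceName> obj= "NT AUTHORITY\LocalService" password= ""
# The new account needs read access to the Tomcat install directory and write
# access to its logs, temp and work directories.
```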