> From: Darryl Lewis [mailto:darryl.le...@unsw.edu.au] > Subject: Re: running tomcat6 under a different user than root (debian)
> That's why we encrypt passwords in unix, or haven't you > looked at etc/passwd lately? No, we encrypt them in Linux because the (very outmoded) /etc/passwd file is readable by anyone. Your critical server files should not have 644 on them, and any Java-based app servers you're running should have a security manager enabled if you can't trust your webapps. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org