Good point -- one I did not consider, as in my realm of reference I am in a secured zone -- no outside access. Makes a big difference.

Rick Curry
Common Services - Software Development
E2 - 066, MS 5210
972-431-9178 (Voice)
972-585-7585 (Pager)
To send a (short) Text Message to my Pager: 9725857...@page.metrocall.com

-----Original Message-----
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Tuesday, November 02, 2010 1:48 PM
To: Tomcat Users List
Subject: RE: Protecting static resources in IIS

> From: Richard G Curry [mailto:rgcu...@jcpenney.com]
> Subject: RE: Protecting static resources in IIS
>
> > > > From: Rob Gregory [mailto:rob.greg...@ibsolutions.com]
> > > > Subject: RE: Protecting static resources in IIS
> > > > Would that then result in having to run Tomcat/Apache/IIS as
> > > > root/system rather than a restricted user?
> > > Yes.
> > That sounds like a really bad idea.
> How so? What am I missing?

Basic security philosophy, known as the principle of least privilege. Running as root/system is like walking around with a "kick me" sign; just wait till the hackers break into your IIS box running that way...

 - Chuck

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org