RE: [JBoss-dev] Jboss site question

Thu, 28 Jun 2001 11:24:41 -0700 

Thanks Sebastien and Jim, I'm not up to date enough on Linux so I was
wondering how the port forwarding was handled, I noticed there was nothing
in the docs about it.  I am thinking of cutting over to jboss/tomcat on my
site so I can put some dynamic content up there and needed to figure this
one out first. I'll RTM on ipchains...

-----Original Message-----
From: Jim Archer
To: [EMAIL PROTECTED]
Sent: 6/28/01 2:36 PM
Subject: Re: [JBoss-dev] Jboss site question

Jay, on what operating system? On Linux, running Tomcat (or any other
web 
server) as root introduces security problems, yes. When an exploit is 
discovered in Tomcat, the consequences are severe if Tomcat runs as
root. 
If it runs as a no privilidge user such as nobody (or in our case, jBoss

user), the damage is quite contained (usually). This way, it can't
modify 
itself to have new "features" added by hackers and it can't access
critical 
system resources, like your password files.

This has nothing to do with Tomcat. Its standard practice not to allow a

server process to run as root. You can use IP chaines to let Tomcat, not

running as root, to listen on port 80.

Jim

--On Thursday, June 28, 2001 1:36 PM -0400 Jay Walters 
<[EMAIL PROTECTED]> wrote:

> In order to listen on port 80 with tomcat does one need to run Jboss
as
> root?  Does this present a security hazard - does Tomcat have any odd
> backdoors.  Is jetty any different?
>
> Cheers
> Jay
>
> _______________________________________________
> Jboss-development mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-development



********************************************
I shall be telling this with a sigh
Somewhere ages and ages hence:
Two roads diverged in a wood, and I -
I took the one less traveled by,
And that has made all the difference.

- Robert Frost, 1916


_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-development

_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-development

Reply via email to