I don't think it's advisable to run the servlet/jsp engine as user "root".
Run them using user "nobody".
Ricky Y. Artigas
Analyst/Programmer
Information Technology Division
Easycall Communications Phils., Inc.
418 Arayat St., Mandaluyong City 1550, Philippines
Personal WAP Site: http://www.buzzed.co.uk/mobile/?rya
Company Website: http://www.easycall.com.ph
Tel.no: (+632) 5338001 ext.6574
Mobile:(+63) 0917-8951783
Pager: 141-002955
Email: [EMAIL PROTECTED]
> -------------------------------
> IMPORTANT NOTICE:
> This message (and any attachment hereto) may contain privileged and/or
> confidential information specific to EasyCall. If you are not the intended
> addressee indicated in this message, you may not copy or disseminate this
> message (or any attachment hereto) to anyone. Instead, please destroy this
> message (and any attachment hereto), and kindly notify the sender by reply
> email. Any information in this message (and any attachment thereto) that
> do not relate to the official business of EasyCall shall be understood as
> neither given nor endorsed by the company.
>
>
> -----Original Message-----
> From: Drew Nichols [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 25, 2001 10:40 AM
> To: [EMAIL PROTECTED]
> Subject: Tomcat security
>
> I am about to go live on an online booking system using jsp.
> Are there any sites providing information on security related issues.
> I use tomcat 3.2.1 with apache and mod_jk.
> How secure is this and should the servlet/jsp engine run as root? or
> nobody
> like apache??
>
> Appologies for the off topic
>
> ==========================================================================
> =
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets