I haven't used Tomcat but I used ApacheJServ as my servlet engine..
This Servlet Engine is run by Apache web server. Our Apache was configured
to run as nobody so consequently, the servlet engine is also run by nobody.

In Apache, you can check this by inspecting the file: httpd.conf
Look for the entryname:
User
Group


Ricky Y. Artigas
Analyst/Programmer
Information Technology Division
Easycall Communications Phils., Inc.
418 Arayat St., Mandaluyong City 1550, Philippines
Personal WAP Site: http://www.buzzed.co.uk/mobile/?rya
Company Website: http://www.easycall.com.ph
Tel.no: (+632) 5338001 ext.6574
Mobile:(+63) 0917-8951783
Pager:  141-002955
Email: [EMAIL PROTECTED]


> -------------------------------
> IMPORTANT NOTICE:

> This message (and any attachment hereto) may contain privileged and/or
> confidential information specific to EasyCall. If you are not the intended
> addressee indicated in this message, you may not copy or disseminate this
> message (or any attachment hereto) to anyone. Instead, please destroy this
> message (and any attachment hereto), and kindly notify the sender by reply
> email. Any information in this message (and any attachment thereto) that
> do not relate to the official business of EasyCall shall be understood as
> neither given nor endorsed by the company.
>
>
> -----Original Message-----
> From: Drew Nichols [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 25, 2001 11:00 AM
> To:   [EMAIL PROTECTED]
> Subject:      Re: Tomcat security
>
> How is this done?
>
> > -----Original Message-----
> > From: A mailing list about Java Server Pages specification and reference
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Artigas, Ricardo Y.
> > Sent: Thursday, 25 January 2001 1:07 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Tomcat security
> >
> >
> > I don't think it's advisable to run the servlet/jsp engine as user
> "root".
> > Run  them using user "nobody".
> >
> >
> >
> > Ricky Y. Artigas
> > Analyst/Programmer
> > Information Technology Division
> > Easycall Communications Phils., Inc.
> > 418 Arayat St., Mandaluyong City 1550, Philippines
> > Personal WAP Site: http://www.buzzed.co.uk/mobile/?rya
> > Company Website: http://www.easycall.com.ph
> > Tel.no: (+632) 5338001 ext.6574
> > Mobile:(+63) 0917-8951783
> > Pager:  141-002955
> > Email: [EMAIL PROTECTED]
> >
> >
> > > -------------------------------
> > > IMPORTANT NOTICE:
> >
> > > This message (and any attachment hereto) may contain privileged and/or
> > > confidential information specific to EasyCall. If you are not
> > the intended
> > > addressee indicated in this message, you may not copy or
> > disseminate this
> > > message (or any attachment hereto) to anyone. Instead, please
> > destroy this
> > > message (and any attachment hereto), and kindly notify the
> > sender by reply
> > > email. Any information in this message (and any attachment thereto)
> that
> > > do not relate to the official business of EasyCall shall be
> > understood as
> > > neither given nor endorsed by the company.
> > >
> > >
> > > -----Original Message-----
> > > From: Drew Nichols [SMTP:[EMAIL PROTECTED]]
> > > Sent: Thursday, January 25, 2001 10:40 AM
> > > To:   [EMAIL PROTECTED]
> > > Subject:      Tomcat security
> > >
> > > I am about to go live on an online booking system using jsp.
> > > Are there any sites providing information on security related issues.
> > > I use tomcat 3.2.1 with apache and mod_jk.
> > > How secure is this and should the servlet/jsp engine run as root? or
> > > nobody
> > > like apache??
> > >
> > > Appologies for the off topic
> > >
> > >
> >
> ==========================================================================
> > > =
> > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > > JSP-INTEREST".
> > > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> > > DIGEST".
> > > Some relevant FAQs on JSP/Servlets can be found at:
> > >
> > >  http://java.sun.com/products/jsp/faq.html
> > >  http://www.esperanto.org.nz/jsp/jspfaq.html
> > >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> >
> > ==================================================================
> > =========
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > JSP-INTEREST".
> > For digest: mailto [EMAIL PROTECTED] with body: "set
> > JSP-INTEREST DIGEST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> >  http://java.sun.com/products/jsp/faq.html
> >  http://www.esperanto.org.nz/jsp/jspfaq.html
> >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
> ==========================================================================
> =
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
>  http://java.sun.com/products/jsp/faq.html
>  http://www.esperanto.org.nz/jsp/jspfaq.html
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

Reply via email to