I have done this but is this enough to provide security with the jvm running
as root?


>
> I haven't used Tomcat but I used ApacheJServ as my servlet engine..
> This Servlet Engine is run by Apache web server. Our Apache was configured
> to run as nobody so consequently, the servlet engine is also run
> by nobody.
>
> In Apache, you can check this by inspecting the file: httpd.conf
> Look for the entryname:
> User
> Group
>
>
> Ricky Y. Artigas
> Analyst/Programmer
> Information Technology Division
> Easycall Communications Phils., Inc.
> 418 Arayat St., Mandaluyong City 1550, Philippines
> Personal WAP Site: http://www.buzzed.co.uk/mobile/?rya
> Company Website: http://www.easycall.com.ph
> Tel.no: (+632) 5338001 ext.6574
> Mobile:(+63) 0917-8951783
> Pager:  141-002955
> Email: [EMAIL PROTECTED]
>
>
> > -------------------------------
> > IMPORTANT NOTICE:
>
> > This message (and any attachment hereto) may contain privileged and/or
> > confidential information specific to EasyCall. If you are not
> the intended
> > addressee indicated in this message, you may not copy or
> disseminate this
> > message (or any attachment hereto) to anyone. Instead, please
> destroy this
> > message (and any attachment hereto), and kindly notify the
> sender by reply
> > email. Any information in this message (and any attachment thereto) that
> > do not relate to the official business of EasyCall shall be
> understood as
> > neither given nor endorsed by the company.
> >
> >
> > -----Original Message-----
> > From: Drew Nichols [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, January 25, 2001 11:00 AM
> > To:   [EMAIL PROTECTED]
> > Subject:      Re: Tomcat security
> >
> > How is this done?
> >
> > > -----Original Message-----
> > > From: A mailing list about Java Server Pages specification
> and reference
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Artigas, Ricardo Y.
> > > Sent: Thursday, 25 January 2001 1:07 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Tomcat security
> > >
> > >
> > > I don't think it's advisable to run the servlet/jsp engine as user
> > "root".
> > > Run  them using user "nobody".
> > >
> > >
> > >
> > > Ricky Y. Artigas
> > > Analyst/Programmer
> > > Information Technology Division
> > > Easycall Communications Phils., Inc.
> > > 418 Arayat St., Mandaluyong City 1550, Philippines
> > > Personal WAP Site: http://www.buzzed.co.uk/mobile/?rya
> > > Company Website: http://www.easycall.com.ph
> > > Tel.no: (+632) 5338001 ext.6574
> > > Mobile:(+63) 0917-8951783
> > > Pager:  141-002955
> > > Email: [EMAIL PROTECTED]
> > >
> > >
> > > > -------------------------------
> > > > IMPORTANT NOTICE:
> > >
> > > > This message (and any attachment hereto) may contain
> privileged and/or
> > > > confidential information specific to EasyCall. If you are not
> > > the intended
> > > > addressee indicated in this message, you may not copy or
> > > disseminate this
> > > > message (or any attachment hereto) to anyone. Instead, please
> > > destroy this
> > > > message (and any attachment hereto), and kindly notify the
> > > sender by reply
> > > > email. Any information in this message (and any attachment thereto)
> > that
> > > > do not relate to the official business of EasyCall shall be
> > > understood as
> > > > neither given nor endorsed by the company.
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Drew Nichols [SMTP:[EMAIL PROTECTED]]
> > > > Sent: Thursday, January 25, 2001 10:40 AM
> > > > To:   [EMAIL PROTECTED]
> > > > Subject:      Tomcat security
> > > >
> > > > I am about to go live on an online booking system using jsp.
> > > > Are there any sites providing information on security
> related issues.
> > > > I use tomcat 3.2.1 with apache and mod_jk.
> > > > How secure is this and should the servlet/jsp engine run as root? or
> > > > nobody
> > > > like apache??
> > > >
> > > > Appologies for the off topic
> > > >
> > > >
> > >
> >
> ==========================================================================
> > > > =
> > > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > > > JSP-INTEREST".
> > > > For digest: mailto [EMAIL PROTECTED] with body: "set
> JSP-INTEREST
> > > > DIGEST".
> > > > Some relevant FAQs on JSP/Servlets can be found at:
> > > >
> > > >  http://java.sun.com/products/jsp/faq.html
> > > >  http://www.esperanto.org.nz/jsp/jspfaq.html
> > > >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > > >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> > >
> > > ==================================================================
> > > =========
> > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > > JSP-INTEREST".
> > > For digest: mailto [EMAIL PROTECTED] with body: "set
> > > JSP-INTEREST DIGEST".
> > > Some relevant FAQs on JSP/Servlets can be found at:
> > >
> > >  http://java.sun.com/products/jsp/faq.html
> > >  http://www.esperanto.org.nz/jsp/jspfaq.html
> > >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> >
> >
> ==========================================================================
> > =
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > JSP-INTEREST".
> > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> > DIGEST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> >  http://java.sun.com/products/jsp/faq.html
> >  http://www.esperanto.org.nz/jsp/jspfaq.html
> >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
> ==================================================================
> =========
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set
> JSP-INTEREST DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
>  http://java.sun.com/products/jsp/faq.html
>  http://www.esperanto.org.nz/jsp/jspfaq.html
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

Reply via email to