I'm not an expert but I believe it would not be advisable to run
applications as root unless it's really necessary. HTH. :^)
Ricky Y. Artigas
Analyst/Programmer
Information Technology Division
Easycall Communications Phils., Inc.
418 Arayat St., Mandaluyong City 1550, Philippines
Personal WAP Site: http://www.buzzed.co.uk/mobile/?rya
Company Website: http://www.easycall.com.ph
Tel.no: (+632) 5338001 ext.6574
Mobile:(+63) 0917-8951783
Pager: 141-002955
Email: [EMAIL PROTECTED]
> -------------------------------
> IMPORTANT NOTICE:
> This message (and any attachment hereto) may contain privileged and/or
> confidential information specific to EasyCall. If you are not the intended
> addressee indicated in this message, you may not copy or disseminate this
> message (or any attachment hereto) to anyone. Instead, please destroy this
> message (and any attachment hereto), and kindly notify the sender by reply
> email. Any information in this message (and any attachment thereto) that
> do not relate to the official business of EasyCall shall be understood as
> neither given nor endorsed by the company.
>
>
> -----Original Message-----
> From: Drew Nichols [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 25, 2001 11:45 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Tomcat security
>
> I have done this but is this enough to provide security with the jvm
> running
> as root?
>
>
> >
> > I haven't used Tomcat but I used ApacheJServ as my servlet engine..
> > This Servlet Engine is run by Apache web server. Our Apache was
> configured
> > to run as nobody so consequently, the servlet engine is also run
> > by nobody.
> >
> > In Apache, you can check this by inspecting the file: httpd.conf
> > Look for the entryname:
> > User
> > Group
> >
> >
> > Ricky Y. Artigas
> > Analyst/Programmer
> > Information Technology Division
> > Easycall Communications Phils., Inc.
> > 418 Arayat St., Mandaluyong City 1550, Philippines
> > Personal WAP Site: http://www.buzzed.co.uk/mobile/?rya
> > Company Website: http://www.easycall.com.ph
> > Tel.no: (+632) 5338001 ext.6574
> > Mobile:(+63) 0917-8951783
> > Pager: 141-002955
> > Email: [EMAIL PROTECTED]
> >
> >
> > > -------------------------------
> > > IMPORTANT NOTICE:
> >
> > > This message (and any attachment hereto) may contain privileged and/or
> > > confidential information specific to EasyCall. If you are not
> > the intended
> > > addressee indicated in this message, you may not copy or
> > disseminate this
> > > message (or any attachment hereto) to anyone. Instead, please
> > destroy this
> > > message (and any attachment hereto), and kindly notify the
> > sender by reply
> > > email. Any information in this message (and any attachment thereto)
> that
> > > do not relate to the official business of EasyCall shall be
> > understood as
> > > neither given nor endorsed by the company.
> > >
> > >
> > > -----Original Message-----
> > > From: Drew Nichols [SMTP:[EMAIL PROTECTED]]
> > > Sent: Thursday, January 25, 2001 11:00 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Tomcat security
> > >
> > > How is this done?
> > >
> > > > -----Original Message-----
> > > > From: A mailing list about Java Server Pages specification
> > and reference
> > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Artigas, Ricardo Y.
> > > > Sent: Thursday, 25 January 2001 1:07 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: Tomcat security
> > > >
> > > >
> > > > I don't think it's advisable to run the servlet/jsp engine as user
> > > "root".
> > > > Run them using user "nobody".
> > > >
> > > >
> > > >
> > > > Ricky Y. Artigas
> > > > Analyst/Programmer
> > > > Information Technology Division
> > > > Easycall Communications Phils., Inc.
> > > > 418 Arayat St., Mandaluyong City 1550, Philippines
> > > > Personal WAP Site: http://www.buzzed.co.uk/mobile/?rya
> > > > Company Website: http://www.easycall.com.ph
> > > > Tel.no: (+632) 5338001 ext.6574
> > > > Mobile:(+63) 0917-8951783
> > > > Pager: 141-002955
> > > > Email: [EMAIL PROTECTED]
> > > >
> > > >
> > > > > -------------------------------
> > > > > IMPORTANT NOTICE:
> > > >
> > > > > This message (and any attachment hereto) may contain
> > privileged and/or
> > > > > confidential information specific to EasyCall. If you are not
> > > > the intended
> > > > > addressee indicated in this message, you may not copy or
> > > > disseminate this
> > > > > message (or any attachment hereto) to anyone. Instead, please
> > > > destroy this
> > > > > message (and any attachment hereto), and kindly notify the
> > > > sender by reply
> > > > > email. Any information in this message (and any attachment
> thereto)
> > > that
> > > > > do not relate to the official business of EasyCall shall be
> > > > understood as
> > > > > neither given nor endorsed by the company.
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Drew Nichols [SMTP:[EMAIL PROTECTED]]
> > > > > Sent: Thursday, January 25, 2001 10:40 AM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: Tomcat security
> > > > >
> > > > > I am about to go live on an online booking system using jsp.
> > > > > Are there any sites providing information on security
> > related issues.
> > > > > I use tomcat 3.2.1 with apache and mod_jk.
> > > > > How secure is this and should the servlet/jsp engine run as root?
> or
> > > > > nobody
> > > > > like apache??
> > > > >
> > > > > Appologies for the off topic
> > > > >
> > > > >
> > > >
> > >
> >
> ==========================================================================
> > > > > =
> > > > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > > > > JSP-INTEREST".
> > > > > For digest: mailto [EMAIL PROTECTED] with body: "set
> > JSP-INTEREST
> > > > > DIGEST".
> > > > > Some relevant FAQs on JSP/Servlets can be found at:
> > > > >
> > > > > http://java.sun.com/products/jsp/faq.html
> > > > > http://www.esperanto.org.nz/jsp/jspfaq.html
> > > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> > > >
> > > > ==================================================================
> > > > =========
> > > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > > > JSP-INTEREST".
> > > > For digest: mailto [EMAIL PROTECTED] with body: "set
> > > > JSP-INTEREST DIGEST".
> > > > Some relevant FAQs on JSP/Servlets can be found at:
> > > >
> > > > http://java.sun.com/products/jsp/faq.html
> > > > http://www.esperanto.org.nz/jsp/jspfaq.html
> > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> > >
> > >
> >
> ==========================================================================
> > > =
> > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > > JSP-INTEREST".
> > > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> > > DIGEST".
> > > Some relevant FAQs on JSP/Servlets can be found at:
> > >
> > > http://java.sun.com/products/jsp/faq.html
> > > http://www.esperanto.org.nz/jsp/jspfaq.html
> > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> >
> > ==================================================================
> > =========
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > JSP-INTEREST".
> > For digest: mailto [EMAIL PROTECTED] with body: "set
> > JSP-INTEREST DIGEST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> > http://java.sun.com/products/jsp/faq.html
> > http://www.esperanto.org.nz/jsp/jspfaq.html
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
> ==========================================================================
> =
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets