Ok, this subject is getting pretty far from Tomcat, but I'll address this.
I asked once on the OpenBSD list. Those guys are very much
traditionalists so they did not like the idea. Still, there is no
longer any rational reason for this restriction. I challenge
anyone to point out a
I asked once on the OpenBSD list. Those guys are
very much
traditionalists so they did not like the idea.
Still, there is no
longer any rational reason for this restriction. I
challenge anyone
to point out a good reason for it. Basically, it
I discussed this on a local LUG. It seems
Have you tried asking your question in the linux mailing lists ?
What do those guys got to say about this restriction to bind to
ports 1024 in the present day server systems?
I asked once on the OpenBSD list. Those guys are very much
traditionalists so they did not like the idea. Still,
Dr. Evil:
Have you tried asking your question in the linux
mailing lists ? What do those guys got to say about
this restriction to bind to ports 1024 in the
present day server systems?
--- Dr. Evil [EMAIL PROTECTED] wrote: The VM
itself is typically writen in C/C++, so I
wouldn't beg on
The VM itself is typically writen in C/C++, so I wouldn't beg on more=20
safety for a VM than Apache.
That's probably true. However, the likelihood of someone being able
to send a web request to Tomcat that will result in Tomcat triggering
a buffer overflow in the VM seems ridiculously small.
, that it was
hard to get more security whithout affecting the
ease of use for the daily work.
-Ursprüngliche Nachricht-
Von: Dr. Evil [mailto:[EMAIL PROTECTED]]
Gesendet: Freitag, 7. Dezember 2001 09:20
An: [EMAIL PROTECTED]
Betreff: Re: AW: security issue: tomcat on port 80
snip/
Which
The past 12 years I worked constantly for companies that had one or
more unix servers and always only a small number of users had an
admin=20 account, all other had 'normal' user accounts.
Anyway, can someone explain to me the security benefit of restricting
bind 1024 to uid 0? At this
How safe is it to have tomcat listening on port 80
running on a RH6.2, which is on the internet ?
Did anybody face any security problems ever ?
Nokia 5510 looks weird sounds great.
Go to http://uk.promotions.yahoo.com/nokia/
system administration and do some web searches, there's
plenty of information out there.
Hope this helps,
Chris
-Original Message-
From: E B [mailto:[EMAIL PROTECTED]]
Sent: 06 December 2001 09:55
To: Tomcat Users List
Subject: security issue: tomcat on port 80
How safe is it to have
.
- Original Message -
From: Chris Newland [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: 2001. december 6. 12:18
Subject: RE: security issue: tomcat on port 80
Hi,
There are security implications for running *any* server process on *any*
port that is accessible
--- Attila Szegedi [EMAIL PROTECTED] wrote:
Java VM actually shields you from buffer overflow
attacks, since you cannot
overflow an array, let alone do it so that it
overwrites code segments. So
in case of Tomcat (or any Java-written server),
buffer overflow attacks are
out of question.
-
Von: Attila Szegedi [mailto:[EMAIL PROTECTED]]
Gesendet: Donnerstag, 6. Dezember 2001 12:57
An: Tomcat Users List
Betreff: Re: security issue: tomcat on port 80
snip/
Java VM actually shields you from buffer overflow attacks,
since you cannot overflow an array, let alone do it so
How safe is it to have tomcat listening on port 80
running on a RH6.2, which is on the internet ?
Did anybody face any security problems ever ?
From the conventional point of view, having things run on port 80 has
been dangerous because a proc has to have uid 0 to bind to the port.
Apache is
port
and placed behind the firewall. I feel much more secure running Tomcat then
IIS on Win32.
Jim
-Original Message-
From: Dr. Evil [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 06, 2001 1:48 PM
To: [EMAIL PROTECTED]
Subject: Re: security issue: tomcat on port 80
How safe
14 matches
Mail list logo