> Jean-Philippe Steinmetz wrote: >> Definitely not a dumb question. I would love to run Tomcat on port 80 >> but I >> discovered that (under debian at least) I am unable to run Tomcat as a >> non-root user on any port under 1024 (linux security). I am also not >> very >> keen on running Tomcat as root. I have spent hours searching for ways >> and >> everyone seems to think redirection is the only option. If you know of a >> way >> to get Debian to allow Tomcat to bind at port 80 I would love to know. > Anything meeting this criteria could be termed an exploit. An > alternative to iptables for simulating this behavior is xinetd. See > http://www.ibm.com/developerworks/java/library/l-secjav.html#h5
Another good and lightweight solution is to run Pound http://www.apsis.ch/pound/index_html in front of Tomcat. As a http reverse proxy you can add some additional security through it. I'm using it in front of JBoss and also terminate SSL on Pound. Simon ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
