Hi,

There are security implications for running *any* server process on *any*
port that is accessible by the public internet.

To run a server on UNIX/Linux on a port number of less than 1024 requires
root privileges. I would strongly recommend you do *NOT* run Tomcat as the
root user since if the server was compromised (by a buffer overflow attack
for instance) then the attacker would have root access to the entire
machine.

I personally run Tomcat behind an Apache web server (which runs on port 80
on a restricted user account) and use mod_webapp to connect the two.

Get a book on UNIX system administration and do some web searches; there's
plenty of information out there.

Hope this helps,

Chris

-----Original Message-----
From: E B [mailto:[EMAIL PROTECTED]]
Sent: 06 December 2001 09:55
To: Tomcat Users List
Subject: security issue: tomcat on port 80


How safe is it to have tomcat listening on port 80
running on a RH6.2, which is on the internet?
Did anybody face any security problems ever?




--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
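
A sketch of the front-end arrangement described in the reply above, added here as an illustration and not taken from the thread or from anyone's actual configuration. It assumes Apache 1.3 with mod_webapp, an unprivileged account named www, the module path shown, a Tomcat application named examples, and Tomcat (started under its own non-root account) offering its WARP connector on port 8008.

```apache
# httpd.conf fragment (Apache 1.3 style). Names and paths are assumptions.

# Only Apache's parent process is started by root, so that it can bind
# port 80. The child processes that parse requests run as User/Group.
Listen 80

# Assumed unprivileged account and group: no login shell, no write access
# to the configuration, the binaries or the Tomcat installation.
User www
Group www

# Load mod_webapp. The module path varies by installation (assumption).
LoadModule webapp_module libexec/mod_webapp.so
AddModule mod_webapp.c

# Connection from Apache to Tomcat's WARP connector. Pointing it at
# localhost keeps Tomcat off the public interface entirely; Tomcat then
# needs no port below 1024 and therefore no root privileges.
WebAppConnection warpConnection warp localhost:8008

# Publish the Tomcat application "examples" (assumed name) under /examples/.
WebAppDeploy examples warpConnection /examples/
```

With this layout, a quick check is to list the owner of each java and httpd process: no Tomcat process should be owned by root, and only the Apache parent should be.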


