The Java VM actually shields you from buffer overflow attacks, since you cannot
overflow an array, let alone do it so that it overwrites code segments. So
in the case of Tomcat (or any Java-written server), buffer overflow attacks are
out of the question. Other attacks are still possible, though.

Attila.

----- Original Message -----
From: "Chris Newland" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: December 6, 2001 12:18
Subject: RE: security issue: tomcat on port 80


> Hi,
>
> There are security implications for running *any* server process on *any*
> port that is accessible by the public internet.
>
> To run a server on UNIX/Linux on a port number of less than 1024 requires
> root privileges. I would strongly recommend you do *NOT* run Tomcat as the
> root user since if the server was compromised (by a buffer overflow attack
> for instance) then the attacker would have root access to the entire
> machine.
>
> I personally run Tomcat behind an Apache web server (which runs on port 80
> on a restricted user account) and use mod_webapp to connect the two.
>
> Get a book on UNIX system administration and do some web searches, there's
> plenty of information out there.
>
> Hope this helps,
>
> Chris
>
