-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike,
Michael McQuade wrote: > Im > running Tomcat 5.0.28 on a home server.... I want to allow people to > look at a product I'm developing over the web.... But I am worried > about my server being hacked.... Can anyone offer me some tips on > how to protect it..... I'm not very network saavy..... Thank-You in > advance.... Is your server connected directly to your Internet connection, or are you using a router? If you are using a router, there's good news and bad news. The good news is that nobody can hit your server directly from the Internet, so you are relatively protected. The bad news is that you will have to set up a port forwarding rule on your router so that people from the Internet can get to your server. Since a port forwarding rule can be limited to a single port, you don't have to worry about anyone hacking /other/ services that might be running on your server -- at least not directly. Now, you just need to make sure that Tomcat is up-to-date and that your application doesn't offer any juicy places to attack (like allowing a remote user to submit code to be executed, etc.). As always, never run Tomcat as an administrative user. Instead, run it as a regular user with access only to files owned by the "tomcat" user (or whatever). If you're really paranoid, you could run Tomcat using chroot (if you're using anything UNIX-like) and/or run Tomcat with a SecurityManager locking-down everything. Turning on a SecurityManager usually results in you having to take a while to figure out everything that your application needs and specifically granting access to it. (It's kind of a headache). Everything comes down to this: 1. Make sure your OS and app server are up-to-date with security patches. 2. Limit access to only what you need (forward only the one port). 3. Never run a service as root or administrator. 4. Make sure your application doesn't do anything stupid. Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp3HE9CaO5/Lv0PARAqCYAJ4v7W7XUDmv4K65c5uyDl89Vtzh7ACgjga6 +aA51gv8ZFrQdPB1LJ13qxg= =nlpd -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
