Totally agree with Chuck, I would not recommend running a web server as a root/system user.
> -----Original Message-----
> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
> Sent: 02 November 2010 18:48
> To: Tomcat Users List
> Subject: RE: Protecting static resources in IIS
>
> > From: Richard G Curry [mailto:rgcu...@jcpenney.com]
> > Subject: RE: Protecting static resources in IIS
>
> > > > > From: Rob Gregory [mailto:rob.greg...@ibsolutions.com]
> > > > > Subject: RE: Protecting static resources in IIS
>
> > > > > Would that then result in having to run Tomcat/Apache/IIS as
> > > > > root/system rather than a restricted user?
>
> > > > Yes.
>
> > > That sounds like a really bad idea.
>
> > How so? What am I missing?
>
> Basic security philosophy, known as the principle of least privilege. Running
> as root/system is like walking around with a "kick me" sign; just wait till
> the hackers break into your IIS box running that way...
>
> - Chuck
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org