Hi all. I'm new to the list. Sorry if someone has already brought this up,
but couldn't the code provide some native methods for changing the uid of
the process after binding to the network ports (if they want to start as
root, binding to a port < 1024).
Then, the CGI executed would run as a non-root user. The Jigsaw webserver
does this.
Currently I'm reviewing the Tomcat sources for embedding a servlet engine in
our application. The application is part of a distributed intrusion
detection system, which needs some sort of web-based status/admin interface.
As for my experience, I've been using Java since it first came out. As a
software engineer I mainly work on concurrent, OO, server based
applications, design patterns, refactoring, blah, blah.
As for contributing to Tomcat, I'm not sure what needs to be done (bug
fixing? testing? code review? refactoring?). I'm assuming that the TODO list
is maintained in CVS? Is there any other software architecture documentation
besides what's on the jakarta website and the sources?
----- Original Message -----
From: "Christopher Cain" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, August 18, 2001 3:17 PM
Subject: Re: CGI wrapper in Tomcat 4.0 b7
> Quoting "Pier P. Fumagalli" <[EMAIL PROTECTED]>:
>
> > (BTW, wouldn't it be wise to disable CGI execution in the default
> > configuration? I don't know, after hearing people running Tomcat as
> > root, I feel we really should!)
>
> +1
