Quoting Mark Castillo <[EMAIL PROTECTED]>:
> Hi all. I'm new to the list. Sorry if someone has already brought this
> up, but couldn't the code provide some native methods for changing the uid
> of the process after binding to the network ports (if they want to start
> as root, binding to a port < 1024). Then, the CGI executed would run as a non-
> root user. The Jigsaw webserver does this.
Sounds cool, but I'll let someone a little more familiar with CGI speak to the
feasibility in Tomcat. I started out my dynamic-content life with ASP (D'oh!),
then moved to servlets (Woo-hoo!), so I was rather fortunate in that I got to
skip the whole CGI nightmare :-)
> Currently I'm reviewing the Tomcat sources for embedding a servlet
> engine in our application. The application is part of a distributed intrusion
> detection system, which needs some sort of web-based status/admin
> interface.
Cool! Do you guys have a beta or anything that I could check out yet? I'm
always interested in checking out software that can help with security!
(I'll let the core developers point you to the various Tomcat design docs.)
- Christopher
