On Wed, Nov 5, 2014 at 1:34 PM, Igal @ getRailo.org <i...@getrailo.org> wrote:
> hi, > > what are the security best practices for running Tomcat as a Windows > Service? > > is the local system account safe Define safe. LocalSystem has too many privs that a Tomcat service account doesn't need in my opinion. or am I better off creating a new user > and giving it write permissions only to the Tomcat runtime folders and > read permissions to the web contents folder? > > In my previous employment, we did that. Create a local user account and set permissions to the Tomcat installation directory and optional CATALINA_BASE (if you separated them). We did not use domain accounts for the Tomcat service account because the Tomcat service account did not need access to network resources in our setup. Create a strong password. Leo
