On Tue, May 12, 2020, 21:48 kohmoto <kohm...@iris.eonet.ne.jp> wrote:
> Hi, Calder, > > Thank you for your prompt reply. > I think Tomcat binary files all have root priviledges. > Should these priviledges should be changed to user priviledges? > Yes. There is a "Tomcat Security" guide at the Tomcat website. Also, Mulesoft has a good guide https://www.mulesoft.com/tcat/tomcat-security Your truly, > Kazuhiko Kohmoto > > On 2020/05/13 11:17, calder wrote: > > If TC, running as root, is ever compromised, the compromising user > > (attacker) can gain access to the whole of the system. The attacker > could > > execute any arbitrary command available on the system. They could remove > > files, or install malicious software. > >
