-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Darren,
Darren wrote: > I think the 'running on port 80' section needs some rewording as I'm not > advocating that putting IIS or apache infront of your tomcat > installation will make it any more secure. As a sysadmin you may be > asked to serve tomcat based pages on port 80 so it is presenting the > options without bias towards any of them. Perhaps I need to add some > bias, from a security perspective, to prevent misunderstanding ... Perhaps you should have a section on "related questions". You could include a discussion of the reasons why Tomcat cannot bind to port 80 on many operating systems, and what options are available. It is good for admins to understand that it's not the fault of Tomcat or Java; it's the OS's restriction on user rights. Apache httpd has the exact same restrictions, although it comes with the capability to startup as root and then drop privileges. I don't believe the same is true for Tomcat. If security concerns are something to be raised for a particular option (for instance, use of some well-known bad version of a web server), then you should definitely point those out. One thing that you should mention is that running Tomcat (or any other service for that matter) as root is probably not the best answer. Encourage your readers to consider other options such as jsvc, Apache, IIS or whatever. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFo/P/9CaO5/Lv0PARAo+8AKC2Q7fUU1FWSABZn3FE3ITx/yrurwCgnDXj PiVW+DMYQNWBj3re0VOzk8M= =s9Kj -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
