-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

André,

On 9/26/2011 11:30 AM, André Warnier wrote:
> Leo Donahue - PLANDEVX wrote:
>> In light of the recent announcement, is securing Tomcat Manager
>> with org.apache.catalina.valves.RemoteAddrValve enough if we are
>> using 127.0.0.1 or should I consider changing the manager
>> auth-method from BASIC to FORM and enable HTTPS as well?  Is
>> running Tomcat as a Windows service considered "insecure"?
>> 
> I must say that I fail to see the link with the recent
> announcement, which concerned only DIGEST authentication.

+1

> Similarly, running Tomcat as a Windows Service should be, if
> anything, more secure than running it in a command window, since
> presumably only some selected users are allowed to start/stop
> Windows services.

+1

Also, running as a service typically runs with even fewer privileges
than a console user (no network-mapped volumes, etc.).

One could argue that running anything on Windows makes it less secure,
but that would be a cheap shot :)

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6A2ZQACgkQ9CaO5/Lv0PDKXwCeO/IMZEsa7RyEwGS5F2KtTp6h
KAIAoMBmuFXiJZLwZbCZx63kRuTnICds
=fzai
-----END PGP SIGNATURE-----
