WebApp Sec mailing list archives
Re: Tomcat on port 80 or Java as root
From: "David Wall @ Yozons, Inc." <dwall () yozons com>
Date: Thu, 11 Mar 2004 08:31:29 -0800
If you are running Linux (and presumably Unix too, since, you know, they are the same according to SCO), you can run tomcat on port 8080 or another non-root-required port (those < 1024) with a simple set of 'iptables' rules that map port 80 to port 8080. You can do the same for mapping something like 443 to 8443. This means the outside world sees the standard ports for HTTP/HTTPS, but your process doesn't have to actually listen on those ports. If desired, I can show some iptables rules we have to do this.

However, there are some security reasons for putting a web server in front when the java app server is running on another piece of hardware. This allows you to run the http server on a box directly connected to the Internet, and then have it forward certain requests to your java app server that's running on a private network that's not directly accessible to the Internet. You can put your database there too.

The benefit is that the app and db server are on servers that aren't directly accessible from the Internet, making it much harder to break into (they first have to break into your web server and then try to break into the app server on the private network). With firewall rules (like iptables) between the public and private servers, that's made even harder, and of course having good passwords is critical.

David

----- Original Message -----
From: "Rajkumar S" <listuser () myrealbox com>
To: <webappsec () securityfocus com>
Sent: Thursday, March 11, 2004 7:42 AM
Subject: Tomcat on port 80 or Java as root
Hi,

What are the implications of running tomcat as root (i.e. to run tomcat on port 80)? Is java secure enough to run as root, or should I run something like apache in front? How about having Tux as a front end? Is it advisable from a security point of view?

with warm regards,
raj
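An added example, not part of the original message and not the rules the poster offered to share: a sketch of the port mapping described above using the iptables `nat` table and `REDIRECT` target. The function names and the `APPLY` switch are assumptions made for this example; the port pairs are the ones named in the message.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1 as root, runs) iptables NAT rules
# that redirect a standard port to the unprivileged port the JVM listens on.

# is_port N: succeeds if N is an integer in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rules PUBLIC LOCAL: emits the rules for one mapping.
redirect_rules() {
    pub=$1; loc=$2
    is_port "$pub" && is_port "$loc" || { echo "bad port: $pub:$loc" >&2; return 1; }
    # The app server must bind a port that does not need root (1024 or above).
    [ "$loc" -ge 1024 ] || { echo "local port $loc is privileged" >&2; return 1; }
    # Connections arriving from the network.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $pub -j REDIRECT --to-ports $loc"
    # Locally generated connections skip PREROUTING, so cover loopback as well.
    echo "iptables -t nat -A OUTPUT -o lo -p tcp --dport $pub -j REDIRECT --to-ports $loc"
}

# apply_or_print: run each rule read from stdin when APPLY=1, else print it.
apply_or_print() {
    while IFS= read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then $rule || return 1; else echo "$rule"; fi
    done
}

main() {
    { redirect_rules 80 8080 && redirect_rules 443 8443; } | apply_or_print
}

main "$@"
```

The redirect leaves 8080 and 8443 reachable directly unless the filter table restricts them, and because those ports are unprivileged any local account can bind them whenever the app server is not running. Run the app server under a dedicated unprivileged account and limit who has shell access to the host.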