WebApp Sec mailing list archives

Re: Tomcat on port 80 or Java as root

From: George Georgalis <george () galis org>
Date: Thu, 11 Mar 2004 17:48:07 -0500

On Thu, Mar 11, 2004 at 09:12:40PM +0530, Rajkumar S wrote:

Hi,

What are the implications of running tomcat as root(ie to run tomcat on 
port 80) Is java secure enough to run as root, or should I run some 
thing like apache in front ?

How about having Tux as a front end? Is it advisable from a security 
point of view?



Why not just use iptables to forward the request?

# Forward Packets between interfaces.
echo 1 >/proc/sys/net/ipv4/ip_forward

EXT_ISP='eth0'
DPORTS='-m multiport --dport'
DEST='--to-destination'
i="iptables -t nat -A PREROUTING -p tcp"
$i -i $EXT_ISP $DPORTS 80 -j DNAT $DEST 127.0.0.1:8080 # for tomcat


// George


-- 
George Georgalis, Architect and administrator, Linux services. IXOYE
http://www.galis.org/george cell:646-331-2027 mailto:george () galis org
Key fingerprint = 5415 2738 61CF 6AE1 E9A7  9EF0 0186 503B 9831 1631

Current thread:

Tomcat on port 80 or Java as root Rajkumar S (Mar 11)
- RE: Tomcat on port 80 or Java as root Harshul Nayak (Mar 12)
  - Re: Tomcat on port 80 or Java as root Rajkumar S (Mar 13)
  - Re: Tomcat on port 80 or Java as root Aleksi Kallio (Mar 13)
- Re: Tomcat on port 80 or Java as root Dave Ockwell-Jenner (Mar 13)
- Re: Tomcat on port 80 or Java as root David Wall @ Yozons, Inc. (Mar 13)
- Re: Tomcat on port 80 or Java as root George Georgalis (Mar 13)
- RE: Tomcat on port 80 or Java as root urgoez (Mar 13)
- <Possible follow-ups>
- Re: Tomcat on port 80 or Java as root Daniel (Mar 12)
- RE: Tomcat on port 80 or Java as root Marc Deglos (Mar 12)
  - Re: Tomcat on port 80 or Java as root Rajkumar S (Mar 13)
  - Re: Tomcat on port 80 or Java as root Grega Bremec (Mar 14)
- RE: Tomcat on port 80 or Java as root Martin Gil (Mar 13)
- Re: Tomcat on port 80 or Java as root d31ik47 (Mar 13)
- Re: Tomcat on port 80 or Java as root Daniel (Mar 13)
- Re: Tomcat on port 80 or Java as root Daniel (Mar 13)