You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Igal @ getRailo.org" <ig...@getrailo.org> on 2014/11/05 20:34:52 UTC
Security Best Practices on Windows Service
hi,
what are the security best practices for running Tomcat as a Windows
Service?
is the local system account safe or am I better off creating a new user
and giving it write permissions only to the Tomcat runtime folders and
read permissions to the web contents folder?
TIA
--
Igal Sapir
Railo Core Developer
http://getRailo.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Security Best Practices on Windows Service
Posted by "Terence M. Bandoian" <te...@tmbsw.com>.
On 11/5/2014 1:34 PM, Igal @ getRailo.org wrote:
> hi,
>
> what are the security best practices for running Tomcat as a Windows
> Service?
>
> is the local system account safe or am I better off creating a new user
> and giving it write permissions only to the Tomcat runtime folders and
> read permissions to the web contents folder?
>
> TIA
>
Hi, Igal-
You might consider enabling the Java Security Manager.
-Terence Bandoian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Security Best Practices on Windows Service
Posted by Aurélien Terrestris <at...@gmail.com>.
>In my previous employment, we did that. Create a local user account and
set permissions to the Tomcat installation directory and optional
CATALINA_BASE (if you separated them).
I agree with this (done hundreds of times), and you can set rights
with xcacls. However this reminds us that usually the webapps
directory must be writable for auto-deployment, as are temp, work and
even conf (uploading of META-INF/context.xml to conf/Catalina)
directories.
This is good but not sufficient for complete security. For example,
one still could exploit a vulnerability and introduce jsps of his own.
Of course this jsp could not write outside anything of TOMCAT_BASE,
but your website could be defaced or give a backdoor to a database.
A.T.
2014-11-05 21:19 GMT+01:00 Leo Donahue <do...@gmail.com>:
> On Wed, Nov 5, 2014 at 1:34 PM, Igal @ getRailo.org <ig...@getrailo.org>
> wrote:
>
>> hi,
>>
>> what are the security best practices for running Tomcat as a Windows
>> Service?
>>
>> is the local system account safe
>
>
> Define safe. LocalSystem has too many privs that a Tomcat service account
> doesn't need in my opinion.
>
> or am I better off creating a new user
>> and giving it write permissions only to the Tomcat runtime folders and
>> read permissions to the web contents folder?
>>
>>
> In my previous employment, we did that. Create a local user account and
> set permissions to the Tomcat installation directory and optional
> CATALINA_BASE (if you separated them). We did not use domain accounts for
> the Tomcat service account because the Tomcat service account did not need
> access to network resources in our setup. Create a strong password.
>
> Leo
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Security Best Practices on Windows Service
Posted by Aurélien Terrestris <at...@gmail.com>.
>In my previous employment, we did that. Create a local user account and
set permissions to the Tomcat installation directory and optional
CATALINA_BASE (if you separated them).
I agree with this (done hundreds of times), and you can set rights
with xcacls. However this reminds us that usually the webapps
directory must be writable for auto-deployment, as are temp, work and
even conf (uploading of META-INF/context.xml to conf/Catalina)
directories.
This is good but not sufficient for complete security. For example,
one still could exploit a vulnerability and introduce jsps of his own.
Of course this jsp could not write outside anything of TOMCAT_BASE,
but your website could be defaced or give a backdoor to a database.
2014-11-05 21:19 GMT+01:00 Leo Donahue <do...@gmail.com>:
> On Wed, Nov 5, 2014 at 1:34 PM, Igal @ getRailo.org <ig...@getrailo.org>
> wrote:
>
>> hi,
>>
>> what are the security best practices for running Tomcat as a Windows
>> Service?
>>
>> is the local system account safe
>
>
> Define safe. LocalSystem has too many privs that a Tomcat service account
> doesn't need in my opinion.
>
> or am I better off creating a new user
>> and giving it write permissions only to the Tomcat runtime folders and
>> read permissions to the web contents folder?
>>
>>
> In my previous employment, we did that. Create a local user account and
> set permissions to the Tomcat installation directory and optional
> CATALINA_BASE (if you separated them). We did not use domain accounts for
> the Tomcat service account because the Tomcat service account did not need
> access to network resources in our setup. Create a strong password.
>
> Leo
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Security Best Practices on Windows Service
Posted by Leo Donahue <do...@gmail.com>.
On Wed, Nov 5, 2014 at 1:34 PM, Igal @ getRailo.org <ig...@getrailo.org>
wrote:
> hi,
>
> what are the security best practices for running Tomcat as a Windows
> Service?
>
> is the local system account safe
Define safe. LocalSystem has too many privs that a Tomcat service account
doesn't need in my opinion.
or am I better off creating a new user
> and giving it write permissions only to the Tomcat runtime folders and
> read permissions to the web contents folder?
>
>
In my previous employment, we did that. Create a local user account and
set permissions to the Tomcat installation directory and optional
CATALINA_BASE (if you separated them). We did not use domain accounts for
the Tomcat service account because the Tomcat service account did not need
access to network resources in our setup. Create a strong password.
Leo