• Inviting everyone who uses WordPress management tools in Plesk
    The Plesk team is conducting a 60-minute research session that includes an interview and a moderated usability test.
    To participate, please use this link .
    Your experience will help shape product decisions and ensure the tools better support real-world use cases.

Tomcat Security

J

JosephB

Guest
I see that the Tomcat service is running as the system administrator, which grants the Tomcat service root access. While testing Tomcat I also found that through your applications you can actually write to any folder on the drive. Is this not a major security risk? What steps must I take to secure Tomcat and possibly set the service to use a restricted user account?
 
I am quite surprised and disappointed by the poor design of the Tomcat integration, although I am still optimistic towards setting-up up a secure and reliable Tomcat environment. For now I modified the Tomcat service to run as a separate user account to deny it access to system files.

If anyone has any comments regarding securing or setting up Tomcat on Plesk for Windows then please let me know.
 
You must log in or register to reply here.

Similar threads

Hangover2
Critical security issue fixed on 24–25 February 2026 (Plesk Obsidian 18.0.75 Update 1 / 18.0.76 Update 2) — request for vulnerability details
Replies
4
Views
1K
Hangover2
Hangover2
M
Input Provide detailed security information and a dedicated security mailing list
Replies
13
Views
4K
hschramm
hschramm
P
Issue E-Mail-Security failed to pipe message to "es-learn-spam.sh"
Replies
13
Views
3K
Puschendorf
P
Z
Issue Major security inconsistency in Plesk admin access control logic
Replies
7
Views
5K
zigzag
Z
V
SELinux is preventing /usr/libexec/dovecot/auth from write access on the file /var/lib/plesk/mail/userdb/userdb.db
Replies
1
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top