• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Tomcat Security

J

JosephB

Guest
I see that the Tomcat service is running as the system administrator, which grants the Tomcat service root access. While testing Tomcat I also found that through your applications you can actually write to any folder on the drive. Is this not a major security risk? What steps must I take to secure Tomcat and possibly set the service to use a restricted user account?
 
I am quite surprised and disappointed by the poor design of the Tomcat integration, although I am still optimistic towards setting-up up a secure and reliable Tomcat environment. For now I modified the Tomcat service to run as a separate user account to deny it access to system files.

If anyone has any comments regarding securing or setting up Tomcat on Plesk for Windows then please let me know.
 
You must log in or register to reply here.

Similar threads

S
Issue Admin Account Not Showing All Webspaces After License Upgrade - Plesk Web Host Edition
Replies
2
Views
302
Sebahat.hadzhi
Sebahat.hadzhi
H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
928
Raul A.
R
T
Resolved WordPress Toolkit Reporting Incorrect Risk Levels Again
Replies
5
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
Mi-Z
Resolved Opening SSH Terminal in Plesk fails
Replies
10
Views
2K
Mi-Z
Mi-Z
H
Resolved Unable to Disable Node.js Application in Plesk – App Remains Accessible
Replies
1
Views
1K
HawkSky
H
Back
Top