Create a secure startup account for Tomcat

Source: Internet
Author: User

Tomcat is a widely used web server that supports JSP and Servlets. It runs on the Java runtime and supports web application deployment. Improper setup, however, can have disastrous consequences. In a default installation, Tomcat runs as a system service. When it is not run as a system service, almost all web server administrators run it with administrator privileges, which allows the Java runtime to access any file in any folder on the Windows system.

By default, the Java runtime grants security permissions based on the user who is running it. When Tomcat runs as a system administrator or as a system service, the Java runtime obtains all the permissions that the system user or system administrator has. As a result, the Java runtime has full permissions on all files in all folders, and servlets (JSPs are converted to servlets at run time) obtain the same permissions. Java code can therefore call the file API in the Java SDK to list all the files in a folder and delete any of them. The biggest danger is running a program with system privileges. When any one of the servlets contains the following code:

    // Starts an external program with the privileges of the Tomcat process
    Runtime rt = Runtime.getRuntime();
    rt.exec("C:\\SomeDirectory\\SomeUnsafeProgram.exe");

the program is started with the system permissions of the service. Following the principle of least privilege, the local system permissions available to such code should be reduced. The steps are as follows:

Create a new account

1. Create an ordinary user named "Itomcat_<computer name>".

2. Set a password for it.

3. Ensure "Password never expires" is selected.

Modify access rights for the Tomcat installation folder

1. Locate the Tomcat installation folder that the environment variable CATALINA_HOME or TOMCAT_HOME points to.

2. Give the "Itomcat_<computer name>" user read, write, and execute access to that folder.

3. Give the "Itomcat_<computer name>" user read-only access to the webapps folder.

4. If some web applications require write access, grant write access individually on the folders of those applications.

Run Tomcat as a system service

1. Open Control Panel, select Administrative Tools, and then select Services.

2. Find the Tomcat service (for example, Apache Tomcat.exe) and open its "Properties".

3. Select its "Log On" tab.

4. Choose the "Log on using" option.

5. Type the new "Itomcat_<computer name>" user as the user name.

6. Enter the password.

7. Reboot the machine.
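
The three procedures above (create the account, set the folder permissions, change the service logon) as one PowerShell script. This is an added example, not part of the original article; the service name Tomcat9 is an assumption, and the account name follows the article's "Itomcat_<computer name>" pattern.

```powershell
# Added example: run from an elevated PowerShell 5.1+ prompt.
# Assumption (not from the article): the service name 'Tomcat9'; check yours with Get-Service *tomcat*.
$ErrorActionPreference = 'Stop'
$serviceName = 'Tomcat9'
$account     = "Itomcat_$env:COMPUTERNAME"
$tomcatHome  = if ($env:CATALINA_HOME) { $env:CATALINA_HOME } else { $env:TOMCAT_HOME }

if (-not $tomcatHome -or -not (Test-Path -LiteralPath $tomcatHome -PathType Container)) {
    throw 'CATALINA_HOME / TOMCAT_HOME does not point to an existing folder.'
}
$tomcatHome = $tomcatHome.TrimEnd('\')   # a trailing backslash breaks native argument quoting
if ($account.Length -gt 20) {
    throw "Local user names are limited to 20 characters; '$account' is too long."
}

function Invoke-Icacls {
    # icacls does not raise PowerShell errors, so check its exit code explicitly.
    & icacls.exe @args | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls $args failed with exit code $LASTEXITCODE" }
}

# 1. Create the ordinary user with a password that never expires.
$password = Read-Host -AsSecureString -Prompt "Password for $account"
if (-not (Get-LocalUser -Name $account -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $account -Password $password -PasswordNeverExpires | Out-Null
    Add-LocalGroupMember -SID 'S-1-5-32-545' -Member $account   # BUILTIN\Users
}

# 2. Read/write/execute on the installation folder, read-only on webapps.
$webapps = Join-Path $tomcatHome 'webapps'
Invoke-Icacls $tomcatHome '/grant' "${account}:(OI)(CI)(RX,W)"
Invoke-Icacls $webapps '/inheritance:d'                      # inherited ACEs become explicit copies
Invoke-Icacls $webapps '/grant:r' "${account}:(OI)(CI)R"     # replace the copied write ACE with read

# 3. Make the service log on as the new account.
$svc = Get-CimInstance Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found." }
$plain  = [System.Net.NetworkCredential]::new('', $password).Password
$result = $svc | Invoke-CimMethod -MethodName Change -Arguments @{
    StartName = ".\$account"; StartPassword = $plain }
if ($result.ReturnValue -ne 0) { throw "Win32_Service.Change returned $($result.ReturnValue)" }
"{0}: was {1}, now .\{2}" -f $serviceName, $svc.StartName, $account
```

Unlike the Services console, Win32_Service.Change does not grant the account the "Log on as a service" right; assign it in Local Security Policy before the reboot.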

Steps to run Tomcat from a DOS window:

1. From the Start button, type cmd in the Run box to open a DOS window.

2. Type the command "runas /user:Itomcat_<computer name> cmd.exe".

3. When prompted for the password of the "Itomcat_<computer name>" user, enter the password you set.

4. This will open a new DOS window.

5. In the newly opened DOS window, change to Tomcat's bin folder.

6. Type the "catalina run" command.

7. Close the first DOS window.

Set permissions on system programs

For cmd.exe, net.exe, attrib.exe, at.exe, net1.exe, ftp.exe, telnet.exe, command.com, cacls.exe and netstat.exe: give SYSTEM all permissions; other users have no permissions.
