r6 - 18 Jul 2007 - 19:23:54 - MimiYin
Cosmo web server

Server Bundle Host Security

When installing the server bundle, you will likely want to take steps to secure the installed directories and files so that unauthorized users on the machine do not have access to sensitive information.

Run-as User

You will likely want to create a system user specifically for running the server. This is recommended but not required. If you do, you should change the permissions on the installation directory and all of its included files and directories so that only this user has access to them.

Tomcat Configuration

You should change the Tomcat shutdown password from its default (SHUTDOWN) in $COSMO_HOME/tomcat/conf/server.xml:

<Server port="8005" shutdown="SHUTDOWN">

If necessary, change the permissions on server.xml so that only the user running Tomcat can read and write the file.

Data Store

Even if you choose not to set draconian permissions for the entire installation, you will want to protect your data store. The embedded Derby database is configured by default to store all content on the local filesystem, which could be inspected by external tools while the server is offline. Thus, if the data store is accessible to arbitrary users, they will be able to read data that is otherwise access-restricted.

The best policy is to change the permissions for the db directory and all of its contents so that only the user running Tomcat can read and write them.
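
One way to check an installed bundle against the steps above, as an added example that is not OSAF's code. The db directory is passed as an argument because this page does not give its path, and the function names and finding labels are made up for the example.

```shell
#!/bin/sh
# Added example, not OSAF code. Usage: audit_cosmo COSMO_HOME RUN_AS_USER DB_DIR
# DB_DIR is an argument because the page does not say where the db directory is.

# Entries under $1 that group or other can read, write or execute (POSIX find).
loose_paths() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null
}

# Entries under $1 not owned by the run-as user $2 (login name or numeric uid).
foreign_paths() {
    find "$1" ! -user "$2" 2>/dev/null
}

# Succeeds when server.xml still carries the default shutdown string.
default_shutdown() {
    grep -q 'shutdown="SHUTDOWN"' "$1" 2>/dev/null
}

# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_cosmo() {
    home=$1; user=$2; db=$3
    conf="$home/tomcat/conf/server.xml"
    report=$(
        default_shutdown "$conf" && echo "DEFAULT-SHUTDOWN $conf"
        # server.xml and the data store are the two paths the page singles out.
        for target in "$conf" "$db"; do
            [ -e "$target" ] || echo "MISSING $target"
            loose_paths "$target" | sed 's/^/GROUP-OR-OTHER-ACCESS /'
            foreign_paths "$target" "$user" | sed 's/^/NOT-OWNED-BY-RUN-AS-USER /'
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Run it as root or as the run-as user, since any other account cannot descend into a correctly locked-down directory and would see nothing to report.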

Open Source Applications Foundation
Except where otherwise noted, this site and its content are licensed by OSAF under a Creative Commons License, Attribution Only 3.0.
See list of page contributors for attributions.