The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TomCat from 0

Discussion in 'General Discussion' started by 000, Jun 3, 2008.

  1. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    My Provider setup TOM.
    But he say:

    The admin url is http://servername.mydomain.com:8080/
    The admin user is root
    The admin password is 8IoSnsGqcCS

    And he say: "Remember we no support this".

    Then we only question to he:

    Ouch!, but we want offert service to customers, in this form: "web.com/file.jsp" how we can?

    And he say: "Remember, we no support Tom, go to forums.cpanel.net or Pay to we US $150 by hour."

    Then... Please somebody can help to we?

    1. Is possible actived Tom to some domains, (NO all)?
    2. How run file.jsp in web.com/file.jsp NO IN web.com:8080/file.jsp?
    3. Is possible give ADMIN + PASSWORD to each customer?
    But the more important: Security
    1. How avoid USERX run command "format disk"?
    2. How avoid user malicious run command similar to "Read /home/OTHER/USERS" ?
    3. Maybe (As in PHP) we need disabled functions?, whom?, how?

    Finnaly when we go to http://servername.mydomain.com:8080/ this load Tom, Ok.

    But what we can do with:

    The admin user is root
    The admin password is 8IoSnsGqcCS

    ?

    Any help: THANKS.

    We want offert TOMCAT to new customers is all. But we unknow ALL about of security of TOMCAT.

    Our VPS run with APACHE PHP-Suexec.
    Exist some similar to "Apache TOM-Suexec"? We no believe bu our fear is users from TOM/JAVA can read /etc/passwd or some similar.

    Newly THANKS.
     
  2. Vinayak

    Vinayak Well-Known Member

    Joined:
    Jun 27, 2003
    Messages:
    267
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Bharat
    cPanel Access Level:
    Root Administrator
    First : You are not required to give out admin password to users, and you should not.

    Second: If TomCat has been installed properly, you will see

    Main >> Account Functions >> Install Servlets

    To enable JSP support on the desired account, so you are not activating Tomcat on all accounts.

    Third : You should be knowing that TomCat is very resource hungry application, you should not run it on a VPS.
     
  3. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    THANKS! :)

    Ah!, ok, if customer required this PASS we no give. :cool: Ok!. Maybe customer required other PASS or NEVER he need?

    Yes!, now we have this.

    Message is:

    "Warning, servlets take a lot of system resources.
    You will only be able to install them on about 100 domains per server.
    "

    Vinsar they say to we:

    "With your current RAM (640 MB) you should have no problem running TomCat".

    What is you opinion?

    Master we see this of Tom we actived from cPanel.
    We can sleep and cPanel managed security of JSP and servlets?

    Thanks by ALL you help.
    This is very important to we.

    :)
     
  4. Vinayak

    Vinayak Well-Known Member

    Joined:
    Jun 27, 2003
    Messages:
    267
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Bharat
    cPanel Access Level:
    Root Administrator
    Under normal circumstances, your customer will not be needing TomCat admin password, moreover if it is properly installed with administration module, you can create user/pass for your users. Customer will be needing his cPanel user/pass just like other normal accounts.

    640 Mb is too low for TomCat use.

    TomCat in itself is quite secure, its the application that developer is making should be secure.

    Since you are not familiar with TomCat, I will suggest you to hire some one who is an expert in it, because I am sure soon you will be facing lot of troubles because of it.
     
  5. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    How?, Where?
    As you recomended?
    But if customer RUN "read /home/tututu/file_config.php" This is a several danger!!, What we can disabled to avoid some silar?

    Or worse:

    "read /mysql/databases"

    Or

    "copy /databases to /home/customer_malicious"

    How we are can sure this no happens?

    Ok, admin setup TOM, and WHM integrate TOM with WHM, (we can setup TOM to X count), but cPanel developments of think in security?
    Thanks Master.
     
Loading...

Share This Page