Implications of Running tomcat on Port 80 (Solaris)
Posted on 2006-04-26
I am running Apache Tomcat 5.5.15 as a web server on Solaris 10 for x86.
I'm currently running Tomcat on port 8080 but want to run it on port 80 so users do not have to specify the port number when accessing the application. However, I am concerned that there may be security issues involved with running Tomcat with special privleges. The standard way to handle this situation is to run Apache httpd server and use a Connector to route servlet traffic to Tomcat. It is my understanding that Apache is "safer" than Tomcat because it is written in C and has been around longer. The problem is that I cannot find binaries for Solaris x86 for the Apache Connector. Building the source ourselves is not an option as we did not purchase the C compiler for the machine. On a side note, there is no compelling performance reason for using Apache httpd for my particular application.
So I would like to know what the security implications are for running Tomcat on port 80.