"Craig R. McClanahan" wrote:
>
> On Mon, 12 Mar 2001, Glenn Nielsen wrote:
>
> > The latest version of Tomcat 4.0 from CVS supports the Java SecurityManager.
> > Tomcat 4.0 Beta 1 did not.
> >
> > The Java SecurityManager can restrict access to those properties and do a
> > great deal more to assist you in running a secure application server.
> >
> > I wouldn't consider what you reported as a bug now that the Java SecurityManager
> > has been implemented.
> >
>
> I think the issue is still real (assuming that you don't have total
> control over the code installed in your web app), because context
> attributes are mutable. These attributes were originally introduced to
> avoid code dependencies between Jasper and the servlet container it runs
> in. Now that we have a JNDI context, I think that might be a more
> appropriate mechanism, because the context itself is immutable.
>
Sounds like a good idea. I have been finding JNDI very handy for populating
resources to Tomcat Hosts.
> > BTW, if you are attending ApacheCon 2001 Apr 4-6, I will be presenting a session on
> > "Tomcat Server and Application Security" that goes into great detail on
> > how the Java SecurityManager works and using it with Tomcat.
> >
>
Make that:
- F03 "Tomcat Server and Application Security"
> Gee, maybe I'd better come and learn :-). I will definitely be there,
> because I'm presenting two other Tomcat related sessions and one on web
> application architectures:
> - TH13 "The Tomcat Servlet Container" (will cover 4.0 architecture)
> - TH09 "Migrating Apache JServ Applications to Tomcat"
> - W16 "Recommendations for Java-Based Web Application Architectures"
>
Sheesh, I had enough trouble getting 1 presentation ready on time, let alone three!
No wonder you have been relatively inactive on these lists lately.
BTW, did you see my proposal regarding how Tomcat 4.0 should handle
unpacking of war files? I would like to implement it this week.
Any comments on that?
Regards,
Glenn
----------------------------------------------------------------------
Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
