"Craig R. McClanahan" wrote:
>
> On Mon, 2 Apr 2001, Amy Roh wrote:
>
> > Hi Martin,
> >
> > See comments below.
> >
> > Martin Dengler wrote:
> > >
> > > 2) Addition to default context
> > >
> > > Would this CGI servlet be added to the default context similar to
> > > SsiInvokerServlet?
> >
> > Yes.
> >
>
> I would suggest that we do this, but leave it commented out. The reason
> is that the potential for mischief is *much* larger when we are talking
> about executing outside programs instead of just displaying content back
> to a web browser. I vote for making the Tomcat sysadmin have to enable
> this feature explicitly if they want it.
>
> Once we implement the #exec functionality in SSI, the same argument would
> apply here -- unless we added a config option to disable the #exec by
> default but left everything else alone.
>
> An alternative (possibly additional) approach would be to tweak the
> security manager properties so that executing external programs is *not*
> allowed by default. That way, we could leave these two servlets defined
> in the conf/web.xml file, but they won't be able to cause damage.
>
I agree that SSI and CGI should not be enabled by default.
Setting security policies for use by the SecurityManager is based on
the codebase (jar file) the class is loaded from. Catalina and Jasper
need more permissions than a web application. To enable the ability
for fine grained security policies servlets would need to be packaged
in their own jar files. I can see having webdav, ssi, cgi, and manager
servlets broken out with each one having their own jar file so different
security policies can be set for each servlet.
Regards,
Glenn
----------------------------------------------------------------------
Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
----------------------------------------------------------------------
