Glenn Nielsen wrote:
>>> Interesting - but it won't work if the security manager is enabled.
>>> If the security manager is disabled ( as it is in 99% of the cases ) -
>>> there is no protection at all, if you can run servlets - you can do
>>> anything a C program can. Just load a JNI library and then control the
>>> VM at the low level, and access/modify anything that tomcat user can.
>>>
>>> It may be a good idea if 5.0 would have the secure mode as default.
>>> Users will complain their apps won't work and tomcat will be a bit
>>> slower - but if this raises their awareness on security and maybe they
>>> fix some of the webapps to work in the sandbox, then it's worth it.
>>> Restoring the current mode can be easy - like adding a "-insecure"
>>> option or some TOMCAT_INSECURE env :-)
>>
>> +1 And I'm sure that for the majority of Tomcat users, the performance
>> hit will not be so high.

Read the whole message :-) The big problem is that many webapps will
just break. And people will have to start learning how to configure the
policy.

I do agree that it is worth it - but if we're going to do it we should
be prepared for a _lot_ of problems. Performance is the smallest problem
we'll have.

>>> The sandbox is IMHO the biggest benefit of Java over all other
>>> languages ( including .net - I know they have a similar concept, but I
>>> don't think it matches the JVM ).
>>
>
> Hear, hear. That is what got me involved with Tomcat.

Well, it is what got me involved with Java in the first place :-)

Costin
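
Added example, not part of the original message or of Tomcat's code: a small Java program showing the difference described above for native library loading, first without a security manager and then with the JDK's default one installed. The class name and the library name "sandboxdemo" are made up for the illustration, and the library does not need to exist.

```java
// Added illustration. Needs a JDK that still supports the Security Manager;
// on JDK 18-23 start the JVM with -Djava.security.manager=allow.
public class LoadLibraryCheck {

    // Hypothetical library name, used only to trigger the link check.
    static final String LIB = "sandboxdemo";

    /** Tries to load the native library and reports how far the JVM got. */
    static String tryLoad() {
        try {
            System.loadLibrary(LIB);
            return "loaded";
        } catch (SecurityException e) {
            // Raised by SecurityManager.checkLink() before any file lookup.
            // The policy would need to grant
            //   java.lang.RuntimePermission "loadLibrary.sandboxdemo"
            // for the call to proceed.
            return "denied by security manager";
        } catch (UnsatisfiedLinkError e) {
            // The JVM searched java.library.path: nothing in the runtime
            // objected, the file simply is not there.
            return "load attempted, library not found";
        }
    }

    public static void main(String[] args) {
        // Default mode: no security manager, no check on native code.
        System.out.println("security manager off: " + tryLoad());

        try {
            // Default manager plus default policy: application code gets
            // no loadLibrary permission unless a policy file grants it.
            System.setSecurityManager(new SecurityManager());
        } catch (UnsupportedOperationException e) {
            System.out.println("this JDK does not allow installing a security manager");
            return;
        }
        System.out.println("security manager on : " + tryLoad());
    }
}
```

The second call fails with a SecurityException because the link check runs before the JVM looks for the file, which is also why webapps that rely on ungranted permissions break until the policy is configured for them.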