Costin Manolache wrote:
Glenn Nielsen wrote:
Interesting - but it won't work if the security manager is enabled.
If the security manager is disabled (as it is in 99% of the cases) -
there is no protection at all, if you can run servlets - you can do
anything a C program can. Just load a JNI library and then control the
VM at the low level, and access/modify anything that tomcat user can.
It may be a good idea if 5.0 would have the secure mode as default.
Users will complain their apps won't work and tomcat will be a bit
slower - but if this raises their awareness on security and maybe they
fix some of the webapps to work in the sandbox, then it's worth it.
Restoring the current mode can be easy - like adding a "-insecure"
option or some TOMCAT_INSECURE env :-)
+1 And I'm sure that for the majority of Tomcat users, the performance
hit will not be so high.
Read the whole message :-)
The big problem is that many webapps will just break. And people will
have to start learning how to configure the policy.
I do agree that it is worth it - but if we're going to do it we should
be prepared for a _lot_ of problems. Performance is the smallest problem
we'll have.
One of the things which has been on my TODO list for a while is to
write some documentation about how to code APIs and web applications
which are SecurityManager friendly. I frequently run across code which
was written in a way which makes setting security policies difficult,
or requires granting permissions you really don't want to grant to a web
application running in a sandbox. Having a document to point users
to would help.
Glenn
----------------------------------------------------------------------
Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
----------------------------------------------------------------------