-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,
On 3/21/18 6:24 AM, Mark Thomas wrote:
> On 21/03/18 05:32, Christopher Schultz wrote:
>> All,
>>
>> I'm exploring running my application under a SecurityManager
>
> That's brave.

Honestly, it really shouldn't be.

I'm coming to the conclusion that a SecurityManager can really only limit the damage an application can do to the extent that the application could already do under normal circumstances. That sounds idiotic. Let me explain.

In order to prevent the application from making arbitrary network connections, I can whitelist those connections that are okay. Fine. I get to specify the hostname (e.g. localhost) and port (e.g. 11211) that the application is allowed to access. But since I'm using an exploded WAR file and I don't bother packaging up my application into a single JAR file (i.e. I use .class files in WEB-INF/classes like everyone else), I can't limit those connections to just my own code.

So, let's say I have an old version of commons-fileupload and my application unsafely deserializes an untrusted blob. That means that newly-instantiated code running within my application can reach out to my memcached server and do whatever it wants. Not great.

So in order to get the most benefit from the SecurityManager, I have to change my application's code (to use PrivilegedActions in places where it matters) and also its packaging, either to a JAR within the exploded WAR, or switch to using a WAR file (which for me wouldn't actually be that hard).

If I wanted to run more than one web application with different permissions, this would be an absolute requirement. As it stands, I have one webapp per Tomcat instance, so this is less of an issue.

What would be really great is if Tomcat could manage the protection domains such that each web application has its own effective policy, and wouldn't require the use of PrivilegedActions. I'm not sure if any of that is even possible... just thinking like a lazy developer who wants to "add security later" -- the impossible dream.

Thanks,
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqyYhMACgkQHPApP6U8
pFjGsQ/9FCL3gZW94JySqtMbk+BDCTEfrJuLdlUk9txAO7CiahZ9HdvfAGOGKTzO
hD7sgTpihZ9G6B9/eQXYxr1iGQ1dclQ57See9eDaRazEvNSAhhVSLt7upL/fVstG
YmSmhRz1G+kbJ5K1Urf+345to2g89BdrTH3mR3TUaF8uDyXca2Yd1aWuvbXnlTB5
xLxIAz+K4EBG2UZArOxK1tajkmyhEuA4JA9pl7Zjs0S1FkTMlLwjf6g6Jfli6C5P
NhlTlotXiX47yj7mzTtaJee6t3I+ryUcYuz379SxJmZrJ5I63ey8OscIcIxD/e8k
tz70HuExbZ/cdCvHSZgu3Kld2Ezjq1m9H6a3yCmmGyBOBNn7ggPUxCItR2Id6uEq
gcJ1uaLeZIv8DfK0EouxhHkUP3b4H0x1Fl2Cf6TPFhMzCDcQwdI049eoENwmnOHY
2i0y0APnKcBwSEffbIJoIgYJuAgjNtY6I/ZrKLRTPYnCuN1tgJxbHwKo33JfzCxM
cJ9oIA/l296GCMnUtilecDngWHD5L34Wtp6fYzfxh/zGecU6BZfDMvAN5JT0bwX0
+Y/izmdtHmR5tK9HZLQWCAiFw4hTMzPD7iM9gBfslPKmZxYfCSrsluXZYQQ3iZHW
TtU/iU/breyGRAATICRZiD3EIdP0/px2snihZ8x6yB/iVRWXgTU=
=czHs
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
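The packaging-plus-PrivilegedAction arrangement Chris describes, as an added illustration (this is not his code, nor Tomcat's own policy or classes): the policy grant is scoped to one code source, and the connector class that lives in that code source opens the memcached socket inside doPrivileged, so the permission check stops at its own protection domain instead of walking up into servlet or library frames. The JAR path, package and class names, and the localhost:11211 endpoint are assumptions for the example.

```java
// Added example (not from the original mail or from Tomcat): a codebase-scoped
// SocketPermission grant plus a PrivilegedAction that asserts it.
//
// Assumed policy fragment, e.g. appended to conf/catalina.policy (paths assumed):
//
//   // Only the packaged connector JAR may talk to memcached.
//   grant codeBase "file:${catalina.base}/webapps/ROOT/WEB-INF/lib/app-memcached.jar" {
//       permission java.net.SocketPermission "localhost:11211", "connect,resolve";
//   };
//
// Classes under WEB-INF/classes receive no such grant, so code running in that
// domain (including a gadget chain reached through unsafe deserialization)
// fails the socket permission check unless it goes through this class.

package example.memcached; // assumed package name

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketPermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public final class MemcachedConnector {
    private static final String HOST = "localhost"; // assumed
    private static final int PORT = 11211;          // assumed
    private static final int TIMEOUT_MS = 2000;

    private MemcachedConnector() {}

    /**
     * Opens the memcached socket inside doPrivileged. The access check then
     * considers only this class's protection domain (the granted JAR), so
     * callers further up the stack need no SocketPermission of their own.
     */
    public static Socket open() throws IOException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Socket>) () -> {
                    Socket s = new Socket();
                    s.connect(new InetSocketAddress(HOST, PORT), TIMEOUT_MS);
                    return s;
                });
        } catch (PrivilegedActionException e) {
            // The action only throws IOException, so the cast is safe;
            // SecurityException (unchecked) propagates unwrapped.
            throw (IOException) e.getException();
        }
    }

    /**
     * Reports whether every frame on the current stack, caller included, holds
     * the memcached connect permission. From WEB-INF/classes this is false
     * under the policy above, which is the point of scoping the grant.
     */
    public static boolean callerMayConnectDirectly() {
        try {
            AccessController.checkPermission(
                new SocketPermission(HOST + ":" + PORT, "connect"));
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // Run with: java -Djava.security.manager -Djava.security.policy==app.policy ...
        System.out.println("SecurityManager installed: "
            + (System.getSecurityManager() != null));
        try (Socket s = open()) {
            System.out.println("connected via doPrivileged: " + s.isConnected());
        }
    }
}
```

Two caveats worth keeping in mind when trying this. First, doPrivileged only asserts the permissions of the class that calls it, so it buys nothing until that class sits in a code source with its own grant, which is exactly the packaging change the mail describes; leaving the connector in WEB-INF/classes alongside everything else leaves every class in the same protection domain. Second, the Security Manager was deprecated for removal in JDK 17 (JEP 411), so this sandboxing model should not be the sole control relied upon going forward.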