Pid wrote:
Do you want to prevent all users from accessing the file system, or permit
individual users access to their own part?
Peter Crowther wrote:
From: Vaclav Kaspar [mailto:[EMAIL PROTECTED]
For security reasons I need JSP scripts to run under different users
A single JVM runs as a single user. To my knowledge, there's no way of
setting threads in a JVM to run as different users, so you're pretty
much stuck if you want to run in a single JVM.
A typical solution to this would be to run each user's webapp in its own
Tomcat in its own JVM. This also allows a greater degree of security
between webapps - otherwise, it could be possible for a badly-behaved
webapp to hog resources or gain control over another webapp. You then
need some kind of front-end to the multiple JVMs: Apache httpd plus the
JK connector, or your reverse proxy of choice.
- Peter
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
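The layout Peter describes (one Tomcat JVM per hosting user behind Apache httpd and the JK connector), sketched as an added example that is not part of the original thread. The user names, the /srv/tomcat/<user> paths, the example.com host names, the port numbering and the use of sudo are all assumptions.

```shell
#!/bin/sh
# Added example: emit mod_jk and start-up config for one Tomcat JVM per user.
# Each instance's own conf/server.xml must listen on the matching AJP port
# and use a unique shutdown port; that part is not generated here.

BASE_AJP_PORT=8009   # assumed: user N (0-based) gets BASE_AJP_PORT + N

# ajp_port_for INDEX -> AJP port of the INDEX-th user
ajp_port_for() {
    echo $((BASE_AJP_PORT + $1))
}

# gen_workers USER... -> workers.properties with one ajp13 worker per user
gen_workers() {
    list=""
    for u in "$@"; do list="${list:+$list,}$u"; done
    echo "worker.list=$list"
    i=0
    for u in "$@"; do
        echo "worker.$u.type=ajp13"
        echo "worker.$u.host=127.0.0.1"   # keep AJP off external interfaces
        echo "worker.$u.port=$(ajp_port_for "$i")"
        i=$((i + 1))
    done
}

# gen_vhosts USER... -> httpd virtual hosts, each routed to its own worker
gen_vhosts() {
    for u in "$@"; do
        printf '<VirtualHost *:80>\n    ServerName %s.example.com\n    JkMount /* %s\n</VirtualHost>\n' "$u" "$u"
    done
}

# gen_start USER... -> commands starting each instance under its own account,
# so file permissions on /home/<user> are enforced by the operating system
gen_start() {
    for u in "$@"; do
        echo "sudo -u $u env CATALINA_BASE=/srv/tomcat/$u \$CATALINA_HOME/bin/startup.sh"
    done
}

# Constructed sample run for two hypothetical users.
gen_workers user1 user2
gen_vhosts user1 user2
gen_start user1 user2
```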
I want to prevent these example situations:
User user1 has in his JSP script something like
FileWriter fw = new FileWriter("/home/USER2/somefile");
fw.write("blablabla");
fw.close();
or
File f = new File("/home/USER2/");
String[] files = f.list();
FileReader fr = new FileReader(new File(f, files[0]));
fr.read() ....
Now these cases are possible because JSP runs as user Tomcat5, and if I
want to allow users' JSP scripts to do IO I have to grant Tomcat rights
to their homes.
I already know about the possibility of using Peter's solution with multiple
Tomcats, but for hosting more than 100 domains I am aware of a big useless
load on the server, and complicated starting of the Tomcats.