> From: Eric Haszlakiewicz [mailto:[EMAIL PROTECTED] > Subject: Re: permission on server.xml > > Charles, you're missing his point.
Wouldn't be the first time. > His "user" is not a website user, it's a _tomcat_ user. > I.e. someone that is allowed to deploy an application on > the app server. > > You probably need to run a separate tomcat instance for > each customer. Given that definition of "user", I would agree. You can limit the capabilities of webapps by using a Security Manager, but ill-behaved apps can still impact others in the same JVM. Nevertheless, the Tomcat administrator is still responsible for insuring that rogue apps are not deployed. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
