> I must say that the nature of your questions leaves me with some concern
> about the content of your guide...
Hmmm, I won't bite, but I will provide a little more information on what I am doing. The guide is specifically being written for Tomcat on Windows, for which, in my searching of the web, there are very few resources available, and even fewer that provide collated recommendations. As you may have guessed (and as is alluded to in the response below), I am not an expert at Tomcat or Java; however, I need to put together a guide that can be delivered to infrastructure managers whose primary goal is to 'get it working' without considering security. So, as part of the information security team, I have to provide recommendations to those infrastructure managers on how to secure the infrastructure (as well as every other application and piece of infrastructure that is being deployed). The majority of the guide is focused on management of the Tomcat server: things like running Tomcat as an unprivileged user (and getting the appropriate Windows permissions to allow that to work properly), separation of Tomcat directories from Program Files, segregation of duties for web-app content and infrastructure admins, removing or limiting access to default or manager applications, limiting access to sensitive (or dangerous) Windows files and folders, etc.

________________________________

Noble cause. Note one thing that has nothing to do with Windows, but with Java security. When you enable it, almost all activities directed outside the JVM, and even some directed inside it, will require particular permissions. See the supplied security policy for some details, but I will add one that is always present and not covered in that file (for obvious reasons): connection to a DB. If you wish to use any DB server, you will need a TCP/IP connection, via JDBC, to that DB. I am not counting in-memory DBs, like HSQL. To make the connection, or rather to let the JDBC driver make the connection, you must add an appropriate permission to your JDBC driver classes.
Something like:

    grant codeBase "file:${catalina.home}/psa-webapps/mydomain.com/myapplication/" {
        permission java.net.SocketPermission "localhost", "resolve";
        permission java.net.SocketPermission "localhost:3306", "connect,resolve";
    };

I'm not sure this works, though; I just picked it up on Google, but that is how it generally should look. Though I'd use the class name, not the file location, for targeting the JDBC driver. This applies to all aspects of your application, like web services, RMI, disk access, ... So, turning secure mode on can require additional work. Not that I consider it a bad idea, but just have in mind that it is not just "adding a couple of switches". You should tailor the security policy to your application's needs. And it can be a lot of work; plus, it will require testing to see if you've missed something.

Nix.
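A fuller version of that JDBC grant, added here as an illustration; it is not from Nix's post, from the original guide, or from Tomcat's shipped conf/catalina.policy. Two facts it relies on: a Java policy grant is keyed by code location (codeBase) or signer (signedBy), never by class name, and the suffix of the codeBase URL decides what it covers: a trailing "/" matches only loose .class files in that directory, "/*" matches class files and JARs directly in it, and "/-" matches everything beneath it. The web application name "myapp" and the host "dbhost.example.internal" are hypothetical; 1433 is SQL Server's default port, chosen because the guide targets Windows.

```text
// Example grants for conf/catalina.policy (added illustration, not Tomcat's
// default file). Hypothetical names: webapp "myapp", host
// "dbhost.example.internal"; 1433 is SQL Server's default TCP port.

// Ineffective: a codeBase ending in "/" matches only loose .class files in
// that directory, so a driver packaged as WEB-INF/lib/*.jar is not covered.
// "localhost" is also wrong unless the DB really runs on the Tomcat host.
grant codeBase "file:${catalina.base}/webapps/myapp/" {
    permission java.net.SocketPermission "localhost:3306", "connect,resolve";
};

// Effective: "/-" covers every class and JAR under the webapp, i.e. both
// WEB-INF/classes (the code that calls DriverManager) and WEB-INF/lib (the
// driver). Both need the permission, because the check walks every
// protection domain on the call stack unless the driver wraps the connect
// in AccessController.doPrivileged; do not assume it does. Naming the real
// host and port keeps this from being a blanket "connect anywhere" grant.
grant codeBase "file:${catalina.base}/webapps/myapp/-" {
    permission java.net.SocketPermission "dbhost.example.internal:1433", "connect,resolve";
};
```

Keep only the second grant in a real policy file; the first is shown for contrast. On Windows the security manager is switched on with `catalina.bat run -security` (or, for the service, `-Djava.security.manager -Djava.security.policy==...\conf\catalina.policy` in the JVM options), after which every code path that touches the network, disk or JNDI has to be exercised, because a missing grant surfaces only at run time as a java.security.AccessControlException. One version caveat before recommending this in the guide: the Java SecurityManager was deprecated for removal in JDK 17 (JEP 411), so check the JDK and Tomcat versions the infrastructure teams actually deploy.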