2010/3/25 Christopher Schultz <ch...@christopherschultz.net>:

I will try to be brief in my answers below, so please excuse some apparent harshness.

> (...)
> In the Tomcat SecurityManager docs
> (http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html),
> most of the "grants" in the policy file do not have a codeBase.

Why are you looking there? The policy file cited there is "conf/catalina.policy". I would prefer the live copy over the paper. (Though the doc should match the file).

> most of the

What do you mean by "most"? Are you counting "AllPermission" as "one" versus all those in the "by default" grant block as "many"?

> By the way, I /have/ read
> http://java.sun.com/j2se/1.5.0/docs/guide/security/PolicyFiles.html but
> some things are still unclear.

Java 6 docs are below from here:
http://java.sun.com/javase/6/docs/technotes/guides/security/index.html

See also the following document there:
http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html
http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-specTOC.fm.html

> it appears that the SecurityManager is enforcing
> permissions along with the call chain...

It is documented in those specifications by Sun. It looks at the call chain up to the nearest AccessController.doPrivileged().
http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc4.html#24646
http://java.sun.com/javase/6/docs/api/java/security/AccessController.html

> Third: doesn't this make performance really suck?

As with any performance question: test it yourself and for your own application/environment. Only that will give you numbers.

It may be that the impact of those "security checks" is small compared to other bottlenecks in one's application. Though, personally, I do not like it when a computer performs "useless" work.

> such as granting AllPermission to things like bootstrap.jar

That is determined by the task that this protection performs. In general, the idea is that what is installed by "administrator" is controlled and thus trusted, but the web applications themselves are not trusted by default.

Also, if the web applications are not trusted, it would make sense to limit their control over Tomcat settings, by setting deployXML="false" on a <Host>.

By the way, Mark's presentations from recent ApacheCons are here:
http://people.apache.org/~markt/presentations/

Best regards,
Konstantin Kolinko
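
The codeBase question in the thread above, shown as an added illustration in policy-file syntax (not part of the original message, and not a copy of Tomcat's shipped conf/catalina.policy). The webapp name "exampleapp", the host "db.example.internal" and the choice of permissions are assumptions made for the example.

```policy
// Added illustration; "exampleapp" and "db.example.internal" are hypothetical.

// Scoped to one jar installed by the administrator: trusted, so it gets
// everything. This is the AllPermission grant the thread asks about.
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
    permission java.security.AllPermission;
};

// No codeBase: this entry matches ALL code, including every web application.
// Anything listed here is the floor that untrusted webapps receive, so keep
// it to harmless, read-only items.
grant {
    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "line.separator", "read";
};

// Scoped to a single web application. The trailing "/-" matches every file
// below that directory, recursively. Only classes loaded from there gain the
// extra permission, on top of the no-codeBase entry above.
grant codeBase "file:${catalina.base}/webapps/exampleapp/-" {
    permission java.net.SocketPermission "db.example.internal:5432", "connect";
};
```

A class receives the union of all grant entries whose codeBase matches it, while a permission check only passes if every protection domain on the call chain, up to the nearest AccessController.doPrivileged(), holds the permission. That is why a webapp calling into fully trusted Tomcat code does not inherit AllPermission.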