db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Pendleton <bpendle...@amberpoint.com>
Subject Re: [jira] Commented: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.
Date Fri, 06 Apr 2007 01:14:29 GMT
Thanks for the comments, Myrna!

> I am also wondering if allowing remote servers to get started - and
> stopped - would pose a security risk. Unless the app server is started
> with security manager, I guess.

Do you think that allowing the hostname value to be set in the web.xml
makes the security risk worse?

> I admit, I always interpreted the servlet more in the line of a demo
> than a heavy-weight tool.

Yes, I agree. I take your meaning to be that, since NetServlet.java uses
public APIs of the NetworkServerControl class, anyone who wanted a more
capable and/or secure implementation could build their own servlet code,
using the NetServlet.java code as a starting point. Is that what you meant?

thanks,

bryan



Mime
View raw message