geronimo-dev mailing list archives

From "Joseph Leong" <josephcle...@gmail.com>
Subject Re: GBean permissions: how important are they?
Date Fri, 08 Feb 2008 16:28:54 GMT
Hi, just giving my two cents.  First, I'm not an expert of any sort, but I
guess a user point of view wouldn't hurt.  I've poked around here and there
with hosting solutions and recall the feeling of what some users are looking
for.  It goes along very similarly to what Donald had just previously
mentioned.

The general opinion, I've gauged, is that when someone is looking for a web
app solution they want to govern it for their own specific system.  Along
with that, I think it brings along the implied security because the only one
controlling the app server is the one who intended to have it.  So I could
understand why it seems they may go with a VM, a VPS/DS, etc. and deploy their
own instance of the App Server to guarantee them the environment and
performance they're looking for.  On the contrary, that is to go with the
assumption that the app server admin knows exactly what they are deploying.
I do think the security implementation would still help for the
scenarios/stability where the admin may have deployed an app that
inadvertently or maliciously tampers with the other components.

However, I could see how the scenario you're talking about would exist (not
sure to what extent) because it's an additional service a host can offer for a
lot less configuration/deploying work.
The only two scenarios that I can think of for a shared app server is if:
1) There was some sort of a service where a provider is trying to offer a
reseller type service, for those who don't want to or know how to manage an
app server but want to add it to their product arsenal.
2) A provider wants to offer an app server solution for users who don't know
how to manage one, but want to shortcut setting up the groundwork for
multiple instances and management.

On another thought, it seems that stability and uptime are key in the hosting
industry and the multiple instances of the app server is a great
preventative measure for a hosting provider to increase stability from one
client to another.   I guess the main tradeoff would be memory, but to the
hosting service provider that's a pretty cheap tradeoff for higher stability?

Anyhow, I'm just rambling my thoughts.. But I'd also really love to hear
what other users think as well.

Wishing you all the best,
Joseph Leong

On Feb 8, 2008 4:43 AM, Vamsavardhana Reddy <c1vamsi1c@gmail.com> wrote:

> I have always felt that Geronimo won't be suitable for a hosting kind of
> environment where applications owned by unrelated parties may be hosted on
> the same server (does such a thing happen in reality?).  Irrespective of
> this, GBean permissions appear to be something we can consider to have.
> The following is an excerpt from a private conversation I had with David
> Jencks on IRC.  Read on...
>
> *vamsic007:* The usability of Geronimo in a hosting kind of environment
> has always bothered me.
> *djencks  :* how?
> *vamsic007:* Any application running in G can get hold of any other
> application related GBeans and do whatever
> *vamsic007:* Any app can stop any configuration it wishes to
> *djencks  :* realistically does anyone run apps from unrelated people on
> the same server?
> *vamsic007:* won't that be the situation in a hosting environment?
> *djencks  :* I don't know
> *djencks  :* I would expect if I rent server space I'd probably get my own
> vm
> *djencks  :* but I'm not a hosting company
> *vamsic007:* hmm...
> *vamsic007:* will have to find out if my concern is genuine or I am
> worried unnecessarily.
> *vamsic007:* I always thought that we should have a mechanism to enforce
> GBean permissions.
> *djencks  :* I can see several places gbean permissions could work
> *djencks  :* 1. getting gbean from kernel. This is pretty non-intrusive
> *djencks  :* 2. actually calling operations/accessing attributes on a
> gbean. I think this would require putting proxies back in
> *djencks  :* there's also a bootstrap question of what enforces the
> permissions until the jacc system is operational
> *djencks  :* since e.g. datasources bound in jndi end up calling a gbean
> operation to get the datasource, this would have a lot of intersection with
> the normal server operations
> *vamsic007:* Maybe I will initiate a discussion on this on
> private@geronimo to get others' input too. I do not want to go on dev-list
> coz it is related to security and do not want to make the users feel
> insecure unnecessarily.
> *djencks  :* I'd prefer to talk about it on dev, I think we could use all
> the input we can get.
> *vamsic007:* thanks David.
>
> Comments?  Suggestions?  Am I worried unnecessarily?  Are GBean
> permissions something that we should consider?
>
> Thank you.
>
> ++Vamsi
>
>
