tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glenn Nielsen <gl...@voyager.apg.more.net>
Subject Re: VOTE: JDK1.2 compiler
Date Tue, 13 Jun 2000 18:37:26 GMT
The major new feature that requires 1.2 is allowing the Java SecurityManager
to be used with Tomcat and Jasper.  There are significant improvements to
the Java SecurityManager in 1.2 over those available in 1.1 that dictated
using the 1.2 version of the SecurityManager.  Use of the SecurityManager
when running Tomcat is optional.

The Java SecurityManager is what allows your browser to run an applet
in its own sandbox to prevent untrusted code from accessing files
on your local system, connecting to a host other than the one the
applet was loaded from, etc.

In the same way the SecurityManager protects you from an untrusted
applet running in your browser, use of a SecurityManager while running
Tomcat can protect your server from trojan servlets, JSP's, JSP beans,
and tag libraries.  Or even inadvertant mistakes.

The above is from the first two paragraphs of doc/uguide/tomcat_security.txt
which can be found in the nightly build.

Use of the SecurityManager is especially important if you have "untrusted"
people publishing JSP pages, such as a web hosting service.  Use of the
SecurityManager provides another layer of defense to prevent your server
from being compromised.

Regards,

Glenn

zzzeek wrote:
> 
> what are the 1.2 features being used that so many other JSP
> implementations do not need?  Im not as concerned over using 1.2 compilers
> as I am over what kind of overly complex design is demanding the use of
> 1.2-only reflection, "complex code", etc.
> 
> On Tue, 13 Jun 2000, Danno Ferrin wrote:
> 
> > Given the movement in MacOSX, Linux/IBM, and BSDi
> >
> > +1 to 1.2 compiler, and
> > +1 to removing 1.1 at some point prior to 4.0 (3.3 is my recommendation)
> >
> > costin@costin.dnt.ro wrote:
> > >
> > > Hi,
> > >
> > > I want to know where do we stand with this issue: please send your vote
> > > about removing the requirement of a JDK1.1 compiler.
> > >
> > > Tomcat will still be usable with JDK1.1 and will support it, but for
> > > compilation you'll have to use a JDK1.2 compiler ( or jikes or any 1.1
> > > compiler with a JDK1.2 library in classpath ).
> > >
> > > The problem is that it's very hard and ugly to support jdk1.2 features
> > > that can be compiled with JDK1.1.
> > >
> > > It is reasonably easy to support JDK1.1 - by using the 1.2 objects only in
> > > local variables and inside if() blocks - if the code is never called the
> > > object will not be instantiated.
> > >
> > > I know that some of you may use JDK1.1 - and I agree it's important to
> > > support it, but supporting the compiler is really hard - and it doesn't
> > > seem to be too many people interested in helping with that. It just add a
> > > big overhead to anyone who contributes code ( reflection, conditional
> > > builds, complex code, etc).
> > >
> > > Costin
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

-- 
----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------

Mime
View raw message