tomcat-dev mailing list archives

From George Sexton <gsex...@mhsoftware.com>
Subject Re: [VOTE] Release build 5.5.27
Date Wed, 03 Sep 2008 20:00:14 GMT
I will try a wild-card permission and see what happens.

Rainer Jung wrote:
> George Sexton wrote:
>> Rainer Jung wrote:
>> I have 250+ virtual hosts per tomcat instance. It seems like a lot of
>> overhead that I'm not interested in.
>>
>> How would I add the correct configuration to catalina.policy for 250
>> virtual hosts/contexts into catalina.policy?
>>
>> It seems to me that I would have to either make many entries or make one
>> generic entry that over-assigns permissions.
>>
>> Complicating matters, using the host manager, I deploy new virtual
>> hosts/contexts on the fly while the servlet engine is running. Is there
>> a mechanism for dynamically updating catalina.policy?
> 
> How about adding something like
> 
>    permission java.io.FilePermission
>    "${catalina.base}${file.separator}webapps/-", "read";
> 
> to the block starting with
> 
>    grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar"
> 
> The security manager should mainly protect you somehow against malicious
> webapp code. So giving those permissions to tomcat-juli doesn't seem to
> be too big a problem. You can even narrow that down to giving it only to
> the class org.apache.juli.ClassLoaderLogManager.
> 
> I don't know what the file system layout of the webapps for all your
> vhosts looks like, but wouldn't something like this be a good compromise
> for 5.5.27?
> 
> Regards,
> 
> Rainer
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 

-- 
George Sexton
MH Software, Inc.
Voice: +1 303 438 9585
URL:   http://www.mhsoftware.com/
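
An added example, not part of the original thread and not Tomcat's own code: it uses `java.io.FilePermission.implies` to show what the recursive read grant quoted above covers once `${catalina.base}` is expanded. The base directory `/opt/tomcat`, the host directory names and the per-webapp `WEB-INF/classes/logging.properties` locations are constructed sample values, and Unix-style paths are assumed.

```java
import java.io.FilePermission;

// Added example: checks which file requests the proposed grant implies.
public class JuliPolicyScope {
    // Constructed stand-in for the expanded ${catalina.base}; not a path from the thread.
    static final String BASE = "/opt/tomcat";

    public static void main(String[] args) {
        // "${catalina.base}${file.separator}webapps/-", "read" after property expansion.
        // A trailing "/-" matches everything below the directory, recursively.
        FilePermission granted = new FilePermission(BASE + "/webapps/-", "read");

        // Constructed requests as {path, actions}.
        String[][] requests = {
            // Existing vhost contexts: one entry covers all of them.
            {BASE + "/webapps/host001/WEB-INF/classes/logging.properties", "read"},
            {BASE + "/webapps/host250/app/WEB-INF/classes/logging.properties", "read"},
            // A context deployed later is covered without editing the policy.
            {BASE + "/webapps/added-later/WEB-INF/classes/logging.properties", "read"},
            // Only "read" was granted: other actions are not implied.
            {BASE + "/webapps/host001/WEB-INF/classes/logging.properties", "write"},
            {BASE + "/webapps/host001/WEB-INF/web.xml", "read,delete"},
            // Files outside webapps are not implied.
            {BASE + "/conf/tomcat-users.xml", "read"},
            // The webapps directory itself is not part of "webapps/-".
            {BASE + "/webapps", "read"},
            // A vhost whose files live outside ${catalina.base}/webapps is not covered.
            {"/srv/vhosts/host001/ROOT/WEB-INF/classes/logging.properties", "read"},
        };

        for (String[] r : requests) {
            boolean ok = granted.implies(new FilePermission(r[0], r[1]));
            System.out.printf("%-6s %-12s %s%n", ok ? "ALLOW" : "DENY", r[1], r[0]);
        }
    }
}
```

The check needs no security manager to be installed; `implies` only compares the permission objects, so it can be run against any candidate path layout before the entry goes into catalina.policy.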
