tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: Running Tomcat for an ISP
Date Thu, 05 Oct 2000 01:26:47 GMT
"Taglang, Guillaume" wrote:

> Hi,
> 2 questions about using Tomcat for an ISP:
>   - can I prevent users to make a System.exit()

Under Java2 (JDK1.2 or later), Tomcat 3.2 lets you run webapps under a
SecurityManager, so that you can fine tune the permissions that each webapp
can have.  Besides restricting System.exit(), you can impose any other
restrictions (like access to only certain network ports on certain hosts, or
access to only certain directories) supported by the protection model of

One thing to remember, though, is that a JVM operates under a single
operating system username.  Therefore, if you are running multiple webapps in
the same JVM (for different customers), the files are all accessible (at the
OS level) to non-Java programs running under that login.  See more below.

>   - can I prevent crashing when the user use a buggy native library (core
> dump)?

How about not allowing native libraries?

What ISP operators might want to think about is a two-tiered pricing model --
a higher price to have your own JVM, running under your own OS username, in
which you can run your own webapps but nobody elses (so if you crash it you
only hurt yourself), and an economy price for a shared JVM environment.  This
avoids the issue about OS user identity being shared as well.

On the other hand, with hardware being relatively cheap, it's probably
simpler to stick with just the JVM-per-customer approach and put up a farm of
servers of appropriate size so that you don't care about the higher memory

> Regards,
> Guillaume

Craig McClanahan

See you at ApacheCon Europe <>!
Session VS01 (23-Oct 13h00-17h00):  Sun Technical Briefing
Session T06  (24-Oct 14h00-15h00):  Migrating Apache JServ
                                    Applications to Tomcat

View raw message