tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Omar Eljumaily" <o...@omnicode.com>
Subject Security issues
Date Thu, 26 Apr 2001 17:28:52 GMT
Hi,
    I have a couple of questions about security.  If
someone can point me to a good link, that would 
be great.

    What I want to do is set up a series of sites one a single
machine each with its own access to a jdbc database.  I have
a connection pool that uses passwords and urls
from a config file and assumes that anybody requesting
is secure.  My assumption that anybody requesting
is secure is what worries me.

    If I make one database per JVM and I'm running
in tandem with Apache, is there a way that I can
know for sure that another process from the same
machine isn't "spoofing" me?  I can firewall or use
config settings to secure against requests from other
machine's but is there a way to do this against 
local processes?

    If there is a method to do this, can it be done
with different users using the same JVM?  I thought
of examining HttpServletRequest objects but those
can be modified.


Thanks,

Omar



Mime
View raw message