tomcat-users mailing list archives

From Glenn Nielsen <gl...@voyager.apg.more.net>
Subject Re: tomcat.policy limitation?
Date Sun, 22 Jul 2001 05:21:51 GMT
Joe Flowers wrote:
> 
> > > I want to create a bunch of user/programmer subdirectories like
> > >
> > > "/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/joe/"
> > > "/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/tom/"
> > > "/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/henry/"
> > > etc.
> > >
> > > so that I can grant all servlets in these directories and subdirectories
> > > read/write access to their own separate directory structure so they
> > > won't be able to write over anyone else's files, including the "system"
> > > files, of course.
> > >
> >
> > The above isn't possible with the Java SecurityManager.
> > A permission is granted to a CodeBase, all classes in WEB-INF have the
> > same CodeBase.
> 
> Thanks a lot Glenn!
> 
> In your above comment, did you mean that it "isn't possible with the
> Java SecurityManager" with Tomcat 3.x or 4.x or both?
> 

It isn't possible at all for any application.

In case you have questions in the future, you may want to refer to the
presentation I did on Tomcat Server and Application Security at ApacheCon
2001.

http://www.more.net/events/apachecon2001/

Regards,

Glenn

----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------
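
The CodeBase point made in the message, as an added example that is not part of the original e-mail or of Tomcat: policy grants are matched against the CodeSource location a class was loaded from, not against its package directory. The class name CodeBaseDemo is hypothetical, and the example assumes the loader reports the WEB-INF/classes directory as the location of every class under it.

```java
import java.net.URI;
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CodeBaseDemo {
    // Directory taken from the paths quoted in the message.
    static final String CLASSES =
        "file:/usr/tomcat/jakarta-tomcat-3.2.2/webapps/ROOT/WEB-INF/classes/";

    // Build an unsigned CodeSource for a location or a policy codeBase pattern.
    static CodeSource cs(String url) throws Exception {
        return new CodeSource(URI.create(url).toURL(), (Certificate[]) null);
    }

    // True if a grant entry with this codeBase would apply to the loaded code.
    static boolean grantApplies(String codeBase, CodeSource loaded) throws Exception {
        return cs(codeBase).implies(loaded);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: joe/, tom/ and henry/ servlets all carry this one location,
        // because they are loaded from the same classes directory.
        CodeSource loaded = cs(CLASSES);

        String[] codeBases = {
            CLASSES + "-",       // whole classes tree
            CLASSES + "joe/-",   // attempted per-user grant
            CLASSES + "tom/-"    // attempted per-user grant
        };
        for (String codeBase : codeBases) {
            System.out.println(codeBase + " applies: " + grantApplies(codeBase, loaded));
        }
    }
}
```

Only the entry covering the whole classes directory implies the shared CodeSource, so whatever it grants reaches every user's servlets alike; the per-user entries match none of them.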
