tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JavaNet developer <j...@javanet.info>
Subject safety deploy in tomcat in a shared enviroment
Date Sun, 03 Feb 2002 17:40:59 GMT
Hi Micael,
probably I was unclear. I want to avoid insecure code to being executed.
Is it useful to run multiple JVM? If yes how... and so on...

I want to make java hosting for unknown java user code, so I need to take 
attention on system resources and insecure servlet/jsp code.
I like to provide a sort of secure sandbox for running servlet and jsp to 
external users.
What type of restriction I have to make?



//
my environment is:
kernel 2.4 (RedHat o SuSe)
OpenSSH (opz. OpenSSL)
Apache 1.3
Jakarta Tomcat 3.3, Velocity, Turbine, Ant, ORO ....
JDK 1.3
MySQL 3.3
Qmail - Courier IMAP (and other programs like vpopmail .....)

thank you
Eli



At 09.02 03/02/2002 -0800, you wrote:
>Not sure of what sort of security you are trying to develop, Eli.  Be more 
>specific.  There are lots of available solutions for lots of differing 
>objectives.  For example, do you just want to avoid hackers, people 
>jumping into the middle of your site, returns to sensitive pages, etc.?
>
>Micael
>
>At 06:03 PM 2/3/02 +0100, you wrote:
>
>>>Hi to all,
>>>I need to setup a linux-box to host user application in a safety 
>>>environment.
>>>I already read how to setup a Java SecurityManager.
>>>Is this the only attention I have look for?
>>>
>>>If someone had got experience in hosting solution using Tomcat please 
>>>send me
>>>a guideline to check for common security problem, or a list of url to 
>>>look for doc.
>>>every hints is mostly appreciated.
>>>
>>>thank you
>>>Eli Spizzichino
>>
>>
>>
>>--
>>To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>>For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
>>Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>
>
>
>--
>To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
>Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>



--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message