tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JavaNet developer <>
Subject safety deploy in tomcat in a shared enviroment
Date Sun, 03 Feb 2002 17:40:59 GMT
Hi Micael,
probably I was unclear. I want to avoid insecure code to being executed.
Is it useful to run multiple JVM? If yes how... and so on...

I want to make java hosting for unknown java user code, so I need to take 
attention on system resources and insecure servlet/jsp code.
I like to provide a sort of secure sandbox for running servlet and jsp to 
external users.
What type of restriction I have to make?

my environment is:
kernel 2.4 (RedHat o SuSe)
OpenSSH (opz. OpenSSL)
Apache 1.3
Jakarta Tomcat 3.3, Velocity, Turbine, Ant, ORO ....
JDK 1.3
MySQL 3.3
Qmail - Courier IMAP (and other programs like vpopmail .....)

thank you

At 09.02 03/02/2002 -0800, you wrote:
>Not sure of what sort of security you are trying to develop, Eli.  Be more 
>specific.  There are lots of available solutions for lots of differing 
>objectives.  For example, do you just want to avoid hackers, people 
>jumping into the middle of your site, returns to sensitive pages, etc.?
>At 06:03 PM 2/3/02 +0100, you wrote:
>>>Hi to all,
>>>I need to setup a linux-box to host user application in a safety 
>>>I already read how to setup a Java SecurityManager.
>>>Is this the only attention I have look for?
>>>If someone had got experience in hosting solution using Tomcat please 
>>>send me
>>>a guideline to check for common security problem, or a list of url to 
>>>look for doc.
>>>every hints is mostly appreciated.
>>>thank you
>>>Eli Spizzichino
>>To unsubscribe:   <>
>>For additional commands: <>
>>Troubles with the list: <>
>To unsubscribe:   <>
>For additional commands: <>
>Troubles with the list: <>

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message