tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JavaNet developer <>
Subject RE: safety deploy in tomcat in a shared enviroment
Date Mon, 04 Feb 2002 10:04:19 GMT

>Hi Micael,
>probably I was unclear. I want to avoid insecure code to being executed.
>Is it useful to run multiple JVM? If yes how... and so on...
>I want to make java hosting for unknown java user code, so I need to take 
>attention on system resources and insecure servlet/jsp code.
>I like to provide a sort of secure sandbox for running servlet and jsp to 
>external users.
>What type of restriction I have to make?
>my environment is:
>kernel 2.4 (RedHat o SuSe)
>OpenSSH (opz. OpenSSL)
>Apache 1.3
>Jakarta Tomcat 3.3, Velocity, Turbine, Ant, ORO ....
>JDK 1.3
>MySQL 3.3
>Qmail - Courier IMAP (and other programs like vpopmail .....)
>thank you
>At 09.02 03/02/2002 -0800, you wrote:
>>Not sure of what sort of security you are trying to develop, Eli.  Be 
>>more specific.  There are lots of available solutions for lots of 
>>differing objectives.  For example, do you just want to avoid hackers, 
>>people jumping into the middle of your site, returns to sensitive pages, etc.?
>>At 06:03 PM 2/3/02 +0100, you wrote:
>>>>Hi to all,
>>>>I need to setup a linux-box to host user application in a safety 
>>>>I already read how to setup a Java SecurityManager.
>>>>Is this the only attention I have look for?
>>>>If someone had got experience in hosting solution using Tomcat please 
>>>>send me
>>>>a guideline to check for common security problem, or a list of url to 
>>>>look for doc.
>>>>every hints is mostly appreciated.
>>>>thank you
>>>>Eli Spizzichino
>>>To unsubscribe:   <>
>>>For additional commands: <>
>>>Troubles with the list: <>
>>To unsubscribe:   <>
>>For additional commands: <>
>>Troubles with the list: <>

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message