From: "Mark Petrovic"
To: users@tomcat.apache.org
Subject: Re: Living a Tomcat life with the catalina.policy file: policy file analysis tools
Date: Sun, 7 May 2006 15:28:01 -0700

I got to thinking about this tool problem. Here is a bit of basic work on a tool to generate a catalina.policy file. Time will tell if it's useful. Someone may have already solved this problem, but it's all fun.

http://www.petrovic.org/blog/?p=134

On 5/7/06, Mark Petrovic wrote:
>
> Good day.
>
> This is a newbie question.
>
> Having spent a bit of time manually editing via trial and error my
> catalina.policy file just right so my webapp would run leaves me wondering
> whether there is a tool that can be responsibly used to show you what the
> policy file should look like if the app is to get its job done.
>
> I spent a lot of time examining the various security violations in
> catalina.out, and concluded that while it may not be trivial, it is
> conceivable that a tool could automate the production of a fairly
> fine-grained policy file to show you what the app ideally needs to run. And
> you could edit from there as needed.
>
> Are there such tools?
>
> Thank you.
>
> --
> Mark
> AE6RT
>

--
Mark
AE6RT
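The approach discussed in the message above, turning the access-denied violations logged in catalina.out into policy grant entries, shown as an added example. It is not Mark Petrovic's tool and not Tomcat code; the log lines are constructed, and the function names and the codeBase value passed in are assumptions.

```python
import re

# Constructed catalina.out excerpt (not from the original message). Older JVMs
# print the permission unquoted; Java 7 and later quote each field.
SAMPLE_LOG = '''\
SEVERE: Servlet.service() for servlet demo threw exception
java.security.AccessControlException: access denied (java.io.FilePermission /var/data/app.properties read)
java.security.AccessControlException: access denied ("java.net.SocketPermission" "db.example.internal:5432" "connect,resolve")
java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
java.security.AccessControlException: access denied (java.io.FilePermission /var/data/app.properties read)
'''

DENIED = re.compile(r"access denied \((.+)\)\s*$")
CLASS_NAME = re.compile(r"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*")


def parse_denial(line):
    """Return (permission class, target, actions or None), or None if no match."""
    m = DENIED.search(line)
    if not m:
        return None
    body = m.group(1)
    if body.startswith('"'):
        fields = re.findall(r'"([^"]*)"', body)
    else:
        # Unquoted form is ambiguous when a target contains spaces: the last
        # token is taken as the actions, so review such entries by hand.
        tok = body.split()
        fields = tok if len(tok) < 3 else [tok[0], " ".join(tok[1:-1]), tok[-1]]
    if len(fields) < 2 or not CLASS_NAME.fullmatch(fields[0]):
        return None  # malformed or unexpected text: never emit it as policy
    return fields[0], fields[1], fields[2] if len(fields) > 2 else None


def esc(value):
    """Escape backslashes and quotes so log text cannot break out of a string."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def policy_from_log(log_text, code_base):
    """Build one grant block for code_base (chosen by the caller, not in the log)."""
    entries = []
    for parsed in filter(None, map(parse_denial, log_text.splitlines())):
        cls, target, actions = parsed
        entry = f'    permission {cls} "{esc(target)}"'
        entry += f', "{esc(actions)}";' if actions else ";"
        if entry not in entries:
            entries.append(entry)
    return f'grant codeBase "{esc(code_base)}" {{\n' + "\n".join(entries) + "\n};\n"
```

Treat the output as a draft to review before it goes into catalina.policy: the exception message does not name the codeBase that was denied, and logged targets can derive from request input.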