tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <peter.crowt...@melandra.com>
Subject Re: How to access files in network drive
Date Sun, 03 Jan 2010 11:24:27 GMT
2010/1/3 WM C <doublecrest@live.com>

> The problem is that now we have two web apps, each needs to access
> different drive, each drive has different user access control list - in this
> case, running Tomcat using one user will only make one app work, while fail
> another (for security reason, we cannot allow one user to access both
> drives).
>
> So looks like I have to run two Tomcat instances?
>
> If your security policy insists on that separation, you should run two
Tomcat instances, yes.  Running one Tomcat instance that can access both
drives is *itself* a security risk, as then any user who can control that
Tomcat instance can access both drives, which your security policy forbids.

The alternative is to review your security policy.  Most organisations I've
seen will go for the most fantastic, long-winded and often incredibly
insecure technical solutions rather than review their existing security
policy in the light of new organisational requirements.

- Peter

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message