Use Tomcat with Java SecurityManager?

Posted by pauline on Stack Overflow
Published on 2009-08-14T11:03:23Z Indexed on 2010/04/22 13:33 UTC


I'm writing a web application that is supposed to run on Tomcat on Ubuntu. On Ubuntu, Tomcat is by default configured to run with the Java SecurityManager. Besides my own web application, there will only be some well-known third-party web applications related to my own, like the BIRT report engine.

If one of the web applications fails or gets compromised, it may take down all the others without harm, because they all belong together. What I don't want to happen is that a compromised web app compromises the system itself, like calling rm -r /.

Do I need to use the Java security manager to achieve this? Or is it only necessary to protect one web app from the other? I'd really like to prevent the effort to create .policy files for all the 3rd party web applications I intend to use.

© Stack Overflow or respective owner
