Use Tomcat with Java SecurityManager?
Posted
by pauline
on Stack Overflow
See other posts from Stack Overflow
or by pauline
Published on 2009-08-14T11:03:23Z
Indexed on
2010/04/22
13:33 UTC
Read the original article
Hit count: 293
I'm writing a web application that is supposed to run on Tomcat on Ubuntu. On Ubuntu, Tomcat is per default configured to run with the Java SecurityManager. Besides my own web application, there will only be some well known third party web applications related to my own, like the BIRT report engine.
If one of the web applications fails or gets compromised, it may take down all the others without harm, because they all belong together. What I don't wont to happen is that a compromised web app compromises the system itself, like calling rm -r /
Do I need to use the java security manager to achieve this? Or is it only necessary to protect one web app from the other? I'd really like to prevent the effort to create .policy files for all the 3rd party web applications I intend to use.
© Stack Overflow or respective owner