Posted to dev@tomcat.apache.org by ma...@apache.org on 2011/07/10 12:59:45 UTC
svn commit: r1144818 - in /tomcat/trunk/webapps/docs: changelog.xml
security-howto.xml
Author: markt
Date: Sun Jul 10 10:59:45 2011
New Revision: 1144818
URL: http://svn.apache.org/viewvc?rev=1144818&view=rev
Log:
7.0.18 not released
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/security-howto.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1144818&r1=1144817&r2=1144818&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Sun Jul 10 10:59:45 2011
@@ -81,6 +81,15 @@
</update>
</changelog>
</subsection>
+ <subsection name="Web applications">
+ <changelog>
+ <add>
+ Add additional information to the documentation web application on the
+ benefits and remaining risks when running under a security manager.
+ (markt)
+ </add>
+ </changelog>
+ </subsection>
<subsection name="Other">
<changelog>
<update>
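Review bot: The new <add> entry says only "the documentation web application" and does not name the page that changed, so a reader of the changelog cannot tell where the security manager text lives. Suggest naming the security how-to (security-howto.xml) in the entry. Separately, the log message "7.0.18 not released" does not describe what this diff visibly does, which is add a changelog entry and new documentation text; a log line mentioning the security manager documentation would make the revision easier to find later.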
Modified: tomcat/trunk/webapps/docs/security-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1144818&r1=1144817&r2=1144818&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Sun Jul 10 10:59:45 2011
@@ -83,7 +83,20 @@
sandbox, significantly limiting a web application's ability to perform
malicious actions such as calling System.exit(), establishing network
connections or accessing the file system outside of the web application's
- root and temporary directories.</p>
+ root and temporary directories. However, it should be noted that there are
+ some malicious actions, such as triggering high CPU consumption via an
+ infinite loop, that the security manager cannot prevent.</p>
+
+ <p>Enabling the security manager is usually done to limit the potential
+ impact, should an attacker find a way to compromise a trusted web
+ application . A security manager may also be used to reduce the risks of
+ running untrusted web applications (e.g. in hosting environments) but it
+ should be noted that the security manager only reduces the risks of
+ running untrusted web applications, it does not eliminate them. If running
+ multiple untrusted web applications, it is recommended that each web
+ application is deployed to a separate Tomcat instance (and ideally separate
+ hosts) to reduce the ability of a malicious web application impacting the
+ availability of other applications.</p>
<p>Tomcat is tested with the security manager enabled; but the majority of
Tomcat users do not run with a security manager, so Tomcat is not as well
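Review bot: The recommendation in the second added paragraph puts "separate hosts" in a parenthetical as the ideal, but the example given in the first paragraph (high CPU consumption via an infinite loop) still affects other Tomcat instances on the same host, so separate instances alone do not address the availability risk the sentence ends on. Suggest saying explicitly that instances sharing a host still share CPU and other host resources. Wording nits in the same lines: there is a stray space before the full stop in "application ."; "only reduces the risks of running untrusted web applications, it does not eliminate them" is a comma splice and repeats the previous clause; "reduce the ability of a malicious web application impacting" should read "to impact". The new closing </p> is also followed directly by the next <p> with no blank line, unlike the blank line added before the new paragraph.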