Security

[Matt Anderson <mu...@swiftdsl.com.au>]

Hi All,
    This is the first time I have used this list so this question may have
been asked many times before, however I tried to download previous message
but were unsucessful. My question is, how do you configure the security
manager to disable things like System.exit() and Runtime.exec() and even
some of the java.io.* package functions. I have read the how-to and I am
still a little confused. I would appreciate any guidance on this and any
examples too. Thank you all for taking the time to read this and I look
forward to your response.

Kindest Regards,
    Matt Anderson


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Security

[Adam Hardy <ah...@cyberspaceroad.com>]

On 03/21/2004 05:53 AM Matt Anderson wrote:
> Hi All,
>     This is the first time I have used this list so this question may have
> been asked many times before, however I tried to download previous message
> but were unsucessful. My question is, how do you configure the security
> manager to disable things like System.exit() and Runtime.exec() and even
> some of the java.io.* package functions. I have read the how-to and I am
> still a little confused. I would appreciate any guidance on this and any
> examples too. Thank you all for taking the time to read this and I look
> forward to your response.

Hi Matt,
welcome to the list! Unfortunately it seems like you have posted a 
question that's too vague for anyone to give a direct answer to. Try 
coming back with a specific problem, and you're far more likely to get a 
good response.

Adam
-- 
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

RE: Security

[Mark Thomas <ma...@apache.org>]

Matt,

Your best bet is to read the security manager documentation provided as part of
the SDK. It should be located in JAVA_HOME\docs\guide\security\permissions.html
and JAVA_HOME\docs\guide\security\PolicyFiles.html 

I can't remember if these docs are part of the standard download or whether you
need to download the separate docs package.

Bear in mind that tomcat might need some of the permissions you are looking to
restrict. The sample security policy file provided
(TOMCAT_HOME\conf\catalina.policy) provides more details. One option would be to
just restrict the deployed web applications rather than the entire tomcat
installation. Again, see catalina.policy for more information.

Regards,

Mark

> -----Original Message-----
> From: Matt Anderson [mailto:muss@swiftdsl.com.au] 
> Sent: Sunday, March 21, 2004 4:54 AM
> To: tomcat-user@jakarta.apache.org
> Subject: Security
> 
> Hi All,
>     This is the first time I have used this list so this 
> question may have
> been asked many times before, however I tried to download 
> previous message
> but were unsucessful. My question is, how do you configure 
> the security
> manager to disable things like System.exit() and 
> Runtime.exec() and even
> some of the java.io.* package functions. I have read the 
> how-to and I am
> still a little confused. I would appreciate any guidance on 
> this and any
> examples too. Thank you all for taking the time to read this 
> and I look
> forward to your response.
> 
> Kindest Regards,
>     Matt Anderson
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org