Posted to general@jakarta.apache.org by "Preston L. Bannister" <pr...@home.com> on 1999/07/10 02:58:44 UTC
Whitepaper covering servlet security on a shared server?
> James Duncan Davidson wrote:
> > Yes, a fair amount of education would go a very long way. Anybody ready
> > to write up a whitepaper about Servlets and ISPs?
From: Chris [mailto:chrisl@hamptons.com]
> Does 'Ready but completely unqualified' count?
Hey! Count me in on this category :).
I have a pretty strong interest in seeing a whitepaper about Servlets and
security. I don't claim to be an expert on the subject (is anyone?), but if
no one more qualified steps forward, I'd be willing to collect notes and put
together a whitepaper.
I've been using an ISP that wants to allow servers as an example (mutually
distrustful servlet-based applications running in one machine). My
immediate concern is how to securely host servlets on an IBM OS/390 mainframe
(potentially a monster server).
Seems that IBM WebSphere uses something called WLM to run a distinct JVM for
each application's set of servlets. Sounds similar to what I've seen
described for Jserv. This approach likely works quite well for a server
hosting a handful of servlet-based applications. I'm not sure this approach
suits an ISP where you really want something like a per-user sandbox
(cheaper than another JVM).