Hi all,

As you will have seen, I'm starting to work on removing references to the SecurityManager. Doing this has raised a couple of questions about related features.

If there is no SecurityManager then everything deployed to Tomcat has to be assumed to be trusted. Or Tomcat has to be run in an isolated environment (container, VM, etc.) with appropriate controls implemented at the boundary of that environment.

If Tomcat operates on the basis of everything is trusted, do we still need the following features:

- privileged property on Context
- ContainerServlet interface
- concept of restricted Servlets / Filters / Listeners
- configuration defaults that change when in "secure" mode

and probably several more I haven't come across yet.

Thinking about it logically, none of the above features are required in an environment that doesn't have a SecurityManager so they should all be removed. Despite that, I still have a nagging feeling I am missing something.

Thoughts?

Mark
