> Hi:
>
> We have a security concern about servlets running as the web server
> UID/GID. Also, every developer in the same zone can access all of the
> other servlets in that zone, right?
Right.
> This means adding a new zone each time
> a new developer wants to do a project on our central server.
Right.
> I've been looking through the online documents and I see suggestions such
> as putting each developer in a separate zone and/or running multiple
> JServs. From my point of view as a system manager, this creates a very
> complicated system when you have multiple developers using central servers
> (which is our case).
I'm sorry you feel that way.
> There is mention of future changes to JServ to allow control of UID/GID via
> the configuration files. Can someone elaborate on this?
There is a mention of future changes to JServ to take advantage of JDK 1.2
security features. I don't think that includes UID/GID stuff.
> We currently run
> our Apache servers with special UID/GID's and we also use CGIWrap to
> restrict what developer's CGI programs can do.
Wow, you don't trust your developers. ;-)
> We have three main central web servers and dozens of developers. So far, I
> have found this concept of zones and mount points to be very confusing and
> difficult to setup. Am I the only one that feels this way?
Yes. ;-) I suggest that you read the White Papers on the
java.apache.org/jserv/ site. It will make this stuff really clear.
>Is this a
> design thing driven by the way Java works or what?
Please read the white papers.
-jon
----------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://www.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
