Hi,

-----Original Message-----
From:   Timothy Gallagher [SMTP:[EMAIL PROTECTED]]

As I was searching for a Servlet Hosting company, I ran across several
companies that have security issues about the JServ servlet engine.
Their general statement was that it is not as secure as JRun or other
servlet engines.  Since I could not get any specifics about the security
issue, could someone tell me about security and servlet engines?

In general, I don't see servlets being any less secure than a CGI
program in Perl or 'C'.


I would like to hear more about how JServ could be less secure than JRun;
it doesn't seem right.
Could you elaborate or perhaps post some URLs?

These are some security issues I thought of...

...servlets from different domains running inside the same JVM.
This opens up the possibility that one domain's servlets may interact with
another domain's servlets, maliciously or not.  This arrangement is also
less stable since one domain's servlet may bring down the JVM (presumably
via some class that has a native component, like a JDBC driver) and thus
take down other domains with it.  This is also a good reason for not
running a servlet engine JVM inside the httpd process.
I think the best situation with regard to security would be to service each
domain in a separate JVM outside of the httpd process.
JDK 2's security features could be used to improve the situation when
servicing multiple domains in a single JVM by using a security manager for
each domain, thus eliminating any possible interaction between java classes.
This approach has the drawback that the administrator must configure twice
for each domain (creating a user ID AND configuring the servlet engine).
Because CGI scripts run in separate processes, the OS enforces the
segregation of domains.

...the ID that the servlet engine JVM runs under.
I think most administrators would like to see servlet engines run under the
user ID of the domain associated with it.  This way they can be sure that
the OS isn't going to let servlets do anything that a CGI script couldn't
do.
CGI has OS-enforced security since CGI scripts run under the domain's
ID (most probably).

...how the web server communicates with the servlet engine.
Only authorized web servers should be allowed to communicate with servlet
engines.  Nobody should be able to bypass the web server and go directly to
a servlet engine.  Optional: the communication between the web server and
servlet engine should be encrypted, or they should communicate on some
channel that can't be monitored by outsiders, like Unix domain sockets,
named pipes, or memory-mapped files, instead of TCP sockets.
The web server writes to a CGI script's standard input stream and reads from
the standard output stream, thus the security of the communication between
web server and CGI script is enforced by the OS.

Comments are welcome.

ted stockwell
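The third point above (only an authorized web server may reach the servlet engine) can be illustrated with a small two-sided exchange. The following is an added example written for this discussion; it is not Apache JServ's or JRun's real connector protocol and not code from the list. It assumes a hypothetical connector where the engine binds to loopback only, checks the peer address against an allowlist, and issues a fresh random nonce that the web server must answer with an HMAC over a shared secret before the engine reads a single byte of the forwarded request. The secret, the port, the request line and the "GuardedConnector" class name are all constructed for the demo (Java 11 or later).

```java
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical guarded connector between httpd and a servlet engine (example only).
public class GuardedConnector {

    // Constructed demo secret; in practice this would come from a root-only file shared with httpd.
    static final byte[] SECRET = "demo-shared-secret-change-me".getBytes(StandardCharsets.UTF_8);
    // Only the web server's address may talk to the engine at all.
    static final Set<String> ALLOWED_PEERS = Set.of("127.0.0.1");
    static final int NONCE_LEN = 16;

    static byte[] hmac(byte[] key, byte[] data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            return mac.doFinal(data);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Engine side: challenge the caller; returns the request line, or null if the caller was rejected.
    static String handle(Socket s) throws IOException {
        if (!ALLOWED_PEERS.contains(s.getInetAddress().getHostAddress())) {
            s.close();                                   // unauthorised source: drop without a word
            return null;
        }
        DataOutputStream out = new DataOutputStream(s.getOutputStream());
        DataInputStream in = new DataInputStream(s.getInputStream());
        byte[] nonce = new byte[NONCE_LEN];
        new SecureRandom().nextBytes(nonce);
        out.write(nonce);                                // fresh challenge per connection, so no replay
        out.flush();
        byte[] tag = new byte[32];                       // HMAC-SHA256 output length
        in.readFully(tag);
        if (!MessageDigest.isEqual(hmac(SECRET, nonce), tag)) {   // constant-time comparison
            s.close();
            return null;
        }
        out.writeUTF("OK");
        out.flush();
        return in.readUTF();                             // only now is the forwarded request read
    }

    // Web-server side: answer the challenge, then forward the request line; returns the engine's verdict.
    static String forward(int port, byte[] secret, String requestLine) throws IOException {
        try (Socket s = new Socket(InetAddress.getLoopbackAddress(), port)) {
            DataInputStream in = new DataInputStream(s.getInputStream());
            DataOutputStream out = new DataOutputStream(s.getOutputStream());
            byte[] nonce = new byte[NONCE_LEN];
            in.readFully(nonce);
            out.write(hmac(secret, nonce));
            out.flush();
            String verdict = in.readUTF();               // EOFException if the engine hung up on us
            out.writeUTF(requestLine);
            out.flush();
            return verdict;
        }
    }

    public static void main(String[] args) throws Exception {
        // Bind to loopback only: nothing off-host can even reach the listener.
        try (ServerSocket ss = new ServerSocket(0, 50, InetAddress.getLoopbackAddress())) {
            int port = ss.getLocalPort();
            Thread engine = new Thread(() -> {
                try {
                    for (int i = 0; i < 2; i++) {
                        try (Socket s = ss.accept()) {
                            String req = handle(s);
                            System.out.println(req == null ? "engine: rejected caller" : "engine: got " + req);
                        }
                    }
                } catch (IOException e) { e.printStackTrace(); }
            });
            engine.start();
            // 1) The real web server knows the secret and is served.
            System.out.println("httpd: " + forward(port, SECRET, "GET /servlet/Hello HTTP/1.0"));
            // 2) A caller with the wrong secret is cut off before its request is ever read.
            try {
                forward(port, "wrong".getBytes(StandardCharsets.UTF_8), "GET /servlet/Hello HTTP/1.0");
            } catch (IOException e) {
                System.out.println("impostor: " + e.getClass().getSimpleName());
            }
            engine.join();
        }
    }
}
```

The address allowlist alone is weak on a shared host, since any local user can connect from 127.0.0.1; the shared secret is what actually ties the connection to the web server, which is why the engine reads nothing of the request until the HMAC checks out. The "optional" part of the point above, moving the channel off TCP entirely, is also available in Java today: from JDK 16 onward `java.net.UnixDomainSocketAddress` lets the same listener sit on a Unix domain socket whose file permissions the OS enforces, much as it does for a CGI script's pipes.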

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
