On Tue, Aug 17, 1999 at 10:29:10AM -0400, B F Caviness (Bob) wrote:
> I am interested in teaching about servlets, but my computing support people
> are concerned about security issues (rightly so) if students (and faculty)
> are able to write and test servlets with little supervision. They point me
> to the Apache web page on servlet security concerns:
> http://java.apache.org/jserv/security.html
> Is anyone else teaching about servlets in a university or similar open
> environment that can give me suggestions on how to deal with these
> problems.
The most important point -- that's not mentioned on that page --
is that the Apache JServ engine can be run as a user with very minimal
access, IE, "nobody". You can even configure the server to run a separate
engine for each user; that would limit damage to what the user could
inflict without servlets.
--
[EMAIL PROTECTED]
"Hey, is that sheep OK? It looks kinda wired."
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
