Watch out for this one.  I had this problem with HostPro.  This host got a
rating of less than 2 out of 5.

What happened with me is that my servlet's username was www like yours.
Unfortunately the server had no way of distinguishing between users since all
servlets on the system were using www.  This meant that anyone can get into the
files that your servlet creates.  Think your directory is safe at least?  Think
again with HostPro.  Apparently www had sort of guest privileges with read
access to all general files like the server log files, .login scripts, and all
the virtual website folders.

I would call the company up and demand that they change it.  This may be due to
them running all servlets in the same JVM.  I switched to an ISP that allows
you to manage your own JVM.  Very nice.

If they can't change it then leave.  It is a huge security risk.  The only way
around it is to encrypt all of your files that your servlet creates but this
just puts a small roadblock in the way of anyone with a www username who
seriously is hacking through all the other sites on the system.

Matt

Quoting Peter Wayner <[EMAIL PROTECTED]>:

> I've just moved a servlet to a shared host and this means I don't
> have the same access to root that I used to enjoy. This is turning
> out to be a problem because the servlet runs as user www and creates
> files and directories under this name. I haven't figured out how to
> chmod them or chown them. Any suggestions?
>
> Thanks,
>
> Peter
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
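
The following is an added example, not part of the original messages. It shows why chmod alone cannot separate tenants when every servlet runs as the same account: POSIX checks the owner bits first, so a file at mode 0600 is still readable by anything running under the owning uid. The uids and file names are constructed; the current process stands in for the shared www account.

```python
import os
import stat
import tempfile

def read_class(st, uid, gids):
    """Return which permission class lets `uid` read the file, or None.

    POSIX consults exactly one class: owner if the uid matches, else group,
    else other. Directory search bits along the path are ignored here.
    """
    if st.st_uid == uid:
        return "owner" if st.st_mode & stat.S_IRUSR else None
    if st.st_gid in gids:
        return "group" if st.st_mode & stat.S_IRGRP else None
    return "other" if st.st_mode & stat.S_IROTH else None

def audit(root, uid, gids=()):
    """List (path, class) for every regular file under root readable by uid."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            via = read_class(st, uid, set(gids))
            if via:
                findings.append((path, via))
    return sorted(findings)

def demo():
    """Constructed sample: one 0600 file and one 0644 file made by this process."""
    shared = os.geteuid()      # stands in for the shared 'www' account
    per_tenant = shared + 1    # hypothetical uid of a separate per-customer account
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("session.dat", 0o600), ("report.txt", 0o644)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        same = [(os.path.basename(p), v) for p, v in audit(root, shared)]
        separate = [(os.path.basename(p), v) for p, v in audit(root, per_tenant)]
    return same, separate

if __name__ == "__main__":
    print(demo())
```

With a shared uid both files are reachable through the owner bits regardless of mode; with a separate uid only the world-readable file is, which is the isolation a per-customer account or JVM provides.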
