I have long had this curiosity. Suppose I run a web/servlet container (such as Tomcat), and I permit other users to host their web content under their user directory, etc. How does one go about preventing malicious activity by the arbitrary users? For example, as a user of such a service, I could simply open a file for write on the server machine and start writing whatever I wanted.
I can think of two possible solutions: 1) Manual inspection of code before it is permitted to be hosted; laborious and error-prone. 2) Install a SecurityManager on the container that only permits a set of restricted operations; Potentially error-prone.
A security manager would be the way to go. It's not hard to set one up, and error-prone only insofar as one has to think of all the malicious things users might try to do. Probably better to start out by giving them too few permissions, and correct it as they complain.
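What "set one up" looks like in practice, as an added example that is not from this thread: a fragment of Tomcat's conf/catalina.policy for a hypothetical tenant named alice, whose webapp lives under webapps/alice and who is given a private scratch directory userdata/alice (both paths are assumptions for the example). Tomcat only honours the policy when started with the security manager enabled (`catalina.sh start -security`); without that flag the file is ignored and every webapp runs unrestricted. Tomcat's own webapp class loader already grants each webapp read access to its deployed files and read/write to its work directory, so the grants below only add the extra scratch area and a couple of harmless system properties.

```text
// Added example: catalina.policy fragment for one tenant ("alice").
// Assumed layout: webapp at ${catalina.base}/webapps/alice,
// scratch space at ${catalina.base}/userdata/alice.
// Activate with:  $CATALINA_HOME/bin/catalina.sh start -security

// Classes compiled into WEB-INF/classes may read/write only inside alice's
// scratch directory. Nothing is granted for ${catalina.base}/webapps/bob, so
// opening a file there throws java.security.AccessControlException.
grant codeBase "file:${catalina.base}/webapps/alice/WEB-INF/classes/-" {
    permission java.io.FilePermission "${catalina.base}${file.separator}userdata${file.separator}alice${file.separator}-", "read,write,delete";
    // Properties most servlets read; grant these individually, never "*".
    permission java.util.PropertyPermission "line.separator", "read";
    permission java.util.PropertyPermission "file.separator", "read";
};

// Jars in WEB-INF/lib are a separate code base and need their own grant.
grant codeBase "file:${catalina.base}/webapps/alice/WEB-INF/lib/-" {
    permission java.io.FilePermission "${catalina.base}${file.separator}userdata${file.separator}alice${file.separator}-", "read,write,delete";
};

// If tenants use JSPs, the classes Jasper compiles into the work directory
// form yet another code base (see the commented-out work/ entries in the
// stock catalina.policy) and need the same grant.

// Never granted to tenant code bases: java.security.AllPermission,
// java.io.FilePermission "<<ALL FILES>>", and
// java.lang.RuntimePermission "setSecurityManager" / "createClassLoader";
// any of these lets a webapp step outside the sandbox.
```

Two caveats a practitioner would want alongside this: when a tenant's code is denied, Tomcat logs the AccessControlException, so the log is also the place to watch for webapps probing outside their directory; and the security manager only mediates Java permission checks, so it does nothing against a webapp that simply exhausts memory or threads, which still needs limits outside the policy file.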
@Scott: I'm intrigued - All web apps would run under the same user account (the same one Tomcat runs under), so how could you stop them writing over each other's directories using filesystem permissions? [ November 09, 2005: Message edited by: Ulf Dittmer ]
Originally posted by Ulf Dittmer: @Scott: I'm intrigued - All web apps would run under the same user account (the same one Tomcat runs under), so how could you stop them writing over each other's directories using filesystem permissions?
Good point, I forgot the Tomcat user is the same regardless of 'where' the files are located. Operating system settings would only come into play if each user was running their own instance of Tomcat. Hmmm... wonder if there is a way to force the operating system settings forward though... going to think about this one.
So in conclusion, everyone is as confused as I am?