JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Container security

Tony Morris
Ranch Hand

Joined: Sep 24, 2003
Posts: 1608
I have long had this curiosity.
Suppose I run a web/servlet container (such as Tomcat), and I permit other users to host their web content under their user directory, etc. How does one go about preventing malicious activity by the arbitrary users? For example, as a user of such a service, I could simply open a file for write on the server machine and start writing whatever I wanted.

I can think of two possible solutions:
1) Manual inspection of code before it is permitted to be hosted; laborious and error-prone.
2) Install a SecurityManager on the container that only permits a set of restricted operations; potentially error-prone.

Just how is it usually done?


Tony Morris
Java Q&A (FAQ, Trivia)
Scott Selikoff
author
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3710

For file access, the operating system can prevent users from reading/writing to areas they don't have access to (assuming this is Unix or NTFS; for FAT there is no support).

Without a security manager though a user can still perform malicious operations such as having infinite loops that tie up resources.


My Blog: Down Home Country Coding with Scott Selikoff
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42047
A security manager would be the way to go. It's not hard to set one up, and error-prone only insofar as one has to think of all the malicious things users might try to do. Probably better to start out by giving them too few permissions, and correct it as they complain.

@Scott: I'm intrigued - All web apps would run under the same user account (the same one Tomcat runs under), so how could you stop them writing over each others directories using filesystem permissions?
[ November 09, 2005: Message edited by: Ulf Dittmer ]

Ping & DNS - my free Android networking tools app
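Tony's option 2 and Ulf's reply both come down to running tenant code under a restrictive policy. The following is an added example, not code from the thread: a stand-alone program that writes a policy file granting file access only to one tenant directory, installs a SecurityManager with that policy, and then attempts a write inside and outside the directory. The directory and file names are constructed for the demo; the grant is deliberately narrow, in the spirit of "start with too few permissions".

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/*
 * Added example (not from the thread): sandboxing one tenant's file access with
 * the legacy Java SecurityManager. The policy grants read/write/delete only
 * below the tenant's own directory; a write anywhere else is refused by the JVM
 * before it reaches the operating system.
 */
public class SandboxDemo {

    /** Write a policy file for this run. Returns the path of the policy file. */
    static Path writePolicy(Path tenantDir) throws IOException {
        // Policy-file syntax: backslashes inside the quoted path must be doubled (Windows).
        String dir = tenantDir.toString().replace("\\", "\\\\");
        String policy =
            "grant {\n" +
            "    // \"<dir>/-\" means the directory and everything below it, recursively\n" +
            "    permission java.io.FilePermission \"" + dir + "/-\", \"read,write,delete\";\n" +
            "};\n";
        Path policyFile = Files.createTempFile("tenant", ".policy");
        Files.writeString(policyFile, policy);
        return policyFile;
    }

    /** Returns true if the write was permitted, false if the SecurityManager refused it. */
    static boolean tryWrite(Path target) {
        try {
            Files.writeString(target, "hello from the tenant\n");
            return true;
        } catch (SecurityException e) {
            // java.security.AccessControlException is a SecurityException
            System.out.println("  refused: " + e.getMessage());
            return false;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @SuppressWarnings("removal")
    public static void main(String[] args) throws IOException {
        // Constructed layout: tenant A's directory and a second tenant's directory.
        Path tenantA = Files.createTempDirectory("tenant-a");
        Path tenantB = Files.createTempDirectory("tenant-b");
        Path policyFile = writePolicy(tenantA);

        // Point the JVM at our policy and turn the SecurityManager on. From Java 18
        // this call needs -Djava.security.manager=allow; Java 24 disabled it entirely.
        System.setProperty("java.security.policy", policyFile.toUri().toString());
        System.setSecurityManager(new SecurityManager());

        System.out.println("write inside tenant A: " + tryWrite(tenantA.resolve("notes.txt")));
        System.out.println("write into tenant B:   " + tryWrite(tenantB.resolve("notes.txt")));
    }
}
```

Compile and run with `javac SandboxDemo.java && java -Djava.security.manager=allow SandboxDemo`; the first write succeeds and the second is refused with an AccessControlException naming the denied FilePermission. In Tomcat the same mechanism is `conf/catalina.policy`, with one `grant codeBase "file:${catalina.base}/webapps/<app>/-" { ... }` block per web application, activated by starting Tomcat with `catalina.sh start -security`. Two caveats for anyone reading this today: the SecurityManager was deprecated for removal in Java 17 (JEP 411) and permanently disabled in Java 24 (JEP 486), and Tomcat 11 no longer supports running under it, so on current platforms the isolation has to come from the operating system, which is exactly the per-user separation Ulf's question to Scott points at.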
Scott Selikoff
author
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3710

Originally posted by Ulf Dittmer:
@Scott: I'm intrigued - All web apps would run under the same user account (the same one Tomcat runs under), so how could you stop them writing over each others directories using filesystem permissions?


Good point, I forgot the Tomcat user is the same regardless of 'where' the files are located. Operating system settings would only come into play if each user was running their own instance of Tomcat. Hmmm... wonder if there is a way to force the operating system settings forward though... going to think about this one.
Tony Morris
Ranch Hand

Joined: Sep 24, 2003
Posts: 1608
So in conclusion, everyone is as confused as I am?