André Warnier escribió:
Miguel Torres Fernández wrote:
Good Morning.
At firts say hello, this is my first message to the list.
I'm a system admin and i have a problem with applications thats set
system variables like proxy of the system (system.setProperties).
It's a big problem for us, i have an instance of tomcat with more
than ten applications and the past week two of them modify parameters
of the system like proxy or trustkeystore.
Exist some jdk options to avoid applications to set this parameters?
Hola Miguel.
Simple answer : don't run these applications. The developers of these
applications should know that when they set such a "system" property,
it sets it for the entire JVM, and they should think about the
consequences.
As a sysadmin, you can probably forbid these applications from doing
that, by running Tomcat with a security manager. Look at the Tomcat
startup scripts to see if there are default options being loaded
somewhere. If you are under Linux, you may find something in, for
example, /etc/defaults/tomcat.
But the problem is, such a security manager is also valid for the
entire JVM, and thus the entire Tomcat and all its (other) applications.
So you may have to do a lot of individual tuning of the permissions of
each application, just to control these two misbehaving applications.
Also, by setting these permissions, the most likely result is that
these two applications will now crash, since they will get a
permission error when they try to do what they do.
So, back to the simple answer above.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Hello André!
The first step, as work arround, has been put this apps in quarantine,
the other apps needs to be in production, but now I need to make a
system to avoid future apps to set this parameters. If bad apps doesn't
work it not my fault and i told the developers which problems involve
their apps and that they need to fix it.
Thank you very much.
--
Miguel Torres Fernández
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
