Hi Preston,

Yes, I am aware of this. I do not want that users should be able to run the web application under root. In the meantime I have found a way to create what I wanted. Thank you all for your feedback.

On Sep 27, 2008, at 7:49 PM, Preston L. Bannister wrote:

Nitai,

You *really* do not want your web application to run with permission to create directories in root. That level of privilege gives your application pretty much unlimited capabilities, and should be far in excess of what your application needs. There is nothing wrong with this level of privilege if your programming is perfect, AND there is no chance someone could subvert your application. No one is that perfect ... and a web application is *very* exposed.

What you want to do is create the workspace for your application at the time of initial setup. Running setup with higher privilege is an acceptable risk. If your application is meant to be shared, the usual place on Linux is "/var/lib/whatever". (See http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard for more information.) Replace "whatever" with a name appropriate to your application. (I'd be inclined to conflate with Java package naming and choose "/var/lib/us.bannister.myapp/" if distributing an application under my name.) Adjust the permission to the "whatever" directory so that your web application has access.

The fact that Windows allows write-anywhere privilege so easily is a large part of why Windows is so easily subverted, and why Unix systems are a little less easy to subvert.

--
Roozani - memorize everywhere
http://www.roozani.com/
Razuna - Open Source Digital Asset Management with Web Content Management
http://www.razuna.com/
SixSigns - Enrich people's lives and web experience
http://www.sixsigns.com
http://blog.sixsigns.com
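
The setup-time approach described in the quoted message, as an added shell example that is not part of either e-mail: the workspace is created once with setup privilege, handed to an unprivileged account, and checked afterwards. The function names, the data root argument, the application name and the service account are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. On a real install the data root would be /var/lib and the
# script would be run once, as root, by the installer (assumption).

# provision_workspace DATA_ROOT APP_NAME APP_USER
# Creates DATA_ROOT/APP_NAME with mode 0750 and gives it to APP_USER.
# Prints the directory path on success.
provision_workspace() {
    root=$1; app=$2; user=$3
    dir="$root/$app"
    # The whole point of the setup step: the application account is not root.
    if [ "$user" = "root" ]; then
        echo "refusing: the web application must not run as root" >&2
        return 2
    fi
    mkdir -p "$dir" || return 1
    chmod 0750 "$dir" || return 1
    # Changing ownership needs setup-time privilege; skipped when unprivileged.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$user" "$dir" || return 1
    fi
    printf '%s\n' "$dir"
}

# check_workspace DIR
# Returns 0 only if DIR is a real directory (not a symlink) that is
# not writable by "other".
check_workspace() {
    dir=$1
    [ -d "$dir" ] || return 1
    [ ! -L "$dir" ] || return 1
    perms=$(ls -ld "$dir" | cut -c1-10)
    case $perms in
        d???????w?) return 1 ;;   # other-write bit is set
    esac
    return 0
}

# Typical installer usage (hypothetical names):
#   provision_workspace /var/lib us.bannister.myapp myapp
```

After this runs, the web application only needs write access inside its own directory and can run under the unprivileged account.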
