Ah, so it's easier said than done! ;-)
JRun has a security manager built-in, but only for 1.1 JVMs. What would
be ideal is to have some security properties files that users could
customize for their servlets/JSP, i.e., so the security permissions
could be set by users/developers at a really granular level. I have
looked briefly at the 1.2 Security API, but I am not too familiar with
it. Ideally this would be something a user could implement
transparently to JRun, or whatever servlet engine.
Geert Van Damme wrote:
>
> well, I don't have the details here and I didn't try it yet.
> But I do have the O'Reilly book about Java security. It's not really about
> servlets, but it shows how to start a JVM with several restrictions.
> (writing and reading files, starting external apps, System.exit()...)
> Since I start the JVM in which the servlets run as a normal java
> application, I guess it's not that difficult to specify the restrictions.
> Read the java API about the SecurityManager.
--
Scott Stirling
Allaire Corporation
http://www.allaire.com
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
