Cliff:
Sometimes, when things get heated up, you need to just step back before emotion
overrules you. The fact that you are using the Resin/ Jboss combination says a lot
about your good taste and wise judgment. But once something emotional is put into
print, people get offended, and start firing back. It's normal -- it's human nature.
It happened with the book The Satanic Verses by Salman Rushdie, which got him a death
sentence from Iran. Yet I don't condemn the Muslim faith because of it, since I have
met some wonderful Muslims, who helped me to understand more of their faith, and the
common elements with Jewish and Christian traditions.
Randy
-----Original Message-----
From: Cliff Rowley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 15, 2001 10:18 AM
To: Orion-Interest
Subject: RE: Security between applications?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Weblogic is next on the list, the only problem being that I am
funding this entirely myself until we have a solid enough
presentation to try for investment (and one of my own machines is
looking more like a colo every day :\). We're not giving up hope
yet!
Currently I'm looking at a JBoss/Resin combination, as they both
offer certain features I'm keen to employ. I run Resin on my
development BSD box, and I am impressed with its simple yet powerful
configuration, which enables me to easily auto-generate it, and JBoss
has some very nifty hot deployment features and I believe I can
secure it at EJB level as well as connection level using its JAAS
support
(http://www.jboss.org/newsite/documentation/HTML/ch08s32.html).
- ---
I'd like to apologise to anyone offended by my earlier postings, I
was out of line - and I perhaps deserved the reception I received. I
dont think I deserved being called a fool, however, since I am not.
I defy anyone to say they've never done anything irrational under
stress.
I'd also like to thank those who saw through it and answered in a
mature and professional manner, and I hope they forgive my outburst.
- ---
Cliff
> -----Original Message-----
> From: Konstantin Polyzois [mailto:[EMAIL PROTECTED]]
> Sent: 15 February 2001 16:04
> To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> Subject: RE: Security between applications?
>
>
> Securing datasources is no match for Weblogic. I do not know how
> Orion handles this.
> /korre
>
> -----Original Message-----
> From: Cliff Rowley [mailto:[EMAIL PROTECTED]]
> Sent: den 13 februari 2001 20:09
> To: Orion-Interest
> Subject: Security between applications?
>
>
> Greetings,
>
> We are currently evaluating the various J2EE solutions available
> for a venture that we hope to deliver to the world in a few months.
> Whilst reading the documentation for each, I dont appear to be
> able to configure Orion to suit the way the project will work.
>
> In order for our application to be of any use, we need to be able
> to implement a fair amount of security, since JSP pages may be at
> the mercy of
> people who are not us.
>
> Basically the application will provide a farm of hosts on which we
> will be offering certain services. Each application needs to have
> a data source that it, and only it has access to. The current
> problem as I see it is that
> if I define a connection in data-sources.xml, then every web
> application deployed on the server or cluster of servers has access
> to it.
> We need some
> way of securing that while still being able to use EJB in all its
> glory. We
> need to be able to offer the opportunity of creating and editing
> content without compromising the security of other applications on
> the system.
>
> Could anyone give us some tips and pointers on this?
>
> Thanks
>
> Cliff Rowley
>
>
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOowBNgpjs58+bOhlEQJiJQCgjNVh2G+Adqa2lDWOtOFxYht5WEoAoOgp
kwYzWr78KQOvNMVnHiArp4bz
=+nWQ
-----END PGP SIGNATURE-----
