Hi Daniel,

Thank you for the response.  In the new version of Resin we are using the
<jvm-arg> </jvm-arg> to pass in a path to the resin.policy file.  As you
mentioned, we are not able to supply it as an input from the script or
command line.

If you could forward any part of your policy file to me to help me get
started, it would be much appreciated.

I haven't yet resolved why things appear to work when they apparently should
not.

Joey

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Lopez
Sent: Thursday, August 09, 2007 4:23 AM
To: resin-interest@caucho.com
Subject: [Resin-interest] Fwd: Re: Security Manager

If Resin/Your application is starting without problems and you have
nothing granted in your policy file, then it is sure the policy is not
being applied :).

We have one of our nodes configured in a similar manner and you have,
at the very minimum, to grant permissions to the Caucho classes to
allow Resin to open ports, write to temporary directories etc. so if
Resin is starting without that, no policy is being applied.

I'm out of the office and I have no way to get to that policy file now
from my holidays place, but first of all you will need to get the
policy file to be applied.

We were using a previous version of Resin where the policy file could
be specified as a startup parameter for http.sh, but AFAIK it is no
longer possible with recent versions of Resin so you'll have to find
out how to do it with the latest versions.

S!
D.

Quoting "Mktg. Incorporate Fast" <[EMAIL PROTECTED]>:

> Hello,
>
>
>
> I am trying to implement resin as an ISP for many hosts in a shared
> environment.  We are setting up resin to run with a separate JVM per host
> and we hope to use the security manager to restrict server rights per
> user.
>
>
>
> 1.)     We want to prohibit users from reading system files.
>
> 2.)     We want to prohibit malicious attacks via java, i.e. system.exit();
>
>
>
> I have included <security-manager/> with the resin.conf file and we are
> using <jvm-arg>-Djava.security.policy=file:/mypolicy/resin.policy</jvm-arg>.
> When the system restarts, it does not appear that it is using the policy
> file that we specified.  After restart a JSP page is still able to read all
> files on server and execute system.exit.  Can anybody please help me to
> identify what I am missing.
>
>
>
> Lastly the resin.policy file does not have anything granted.
>
>
>
> Thanks,
>
>
>
> Joey

_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
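
Added example, not part of the original thread: a small Java diagnostic for the question discussed above, namely whether the policy is being applied at all. The class name `PolicyCheck` and the probe path are assumptions, and it needs a JVM that still supports the Security Manager API.

```java
// Added diagnostic, not code from the thread. Class name and probe path
// are assumptions. Run it from inside the web application (for example
// from a JSP), because the checks apply to the code on the call stack.
import java.util.LinkedHashMap;
import java.util.Map;

public class PolicyCheck {

    interface Check { void run(SecurityManager sm); }

    // "no-security-manager" means the policy file is not enforced at all.
    static String probe(Check c) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) return "no-security-manager";
        try {
            c.run(sm);               // throws SecurityException if not granted
            return "allowed";
        } catch (SecurityException e) {
            return "denied";
        }
    }

    public static Map<String, String> report(final String path) {
        Map<String, String> r = new LinkedHashMap<String, String>();
        SecurityManager sm = System.getSecurityManager();
        r.put("securityManager", sm == null ? "none" : sm.getClass().getName());
        String policy;
        try {
            policy = String.valueOf(System.getProperty("java.security.policy"));
        } catch (SecurityException e) {
            policy = "(property read denied)";
        }
        r.put("java.security.policy", policy);
        // Same checks FileInputStream and System.exit perform internally.
        r.put("read " + path, probe(new Check() {
            public void run(SecurityManager s) { s.checkRead(path); }
        }));
        r.put("exit", probe(new Check() {
            public void run(SecurityManager s) { s.checkExit(0); }
        }));
        return r;
    }

    public static void main(String[] args) {
        // "/etc/hosts" is a constructed sample path.
        for (Map.Entry<String, String> e : report("/etc/hosts").entrySet()) {
            System.out.println(e.getKey() + ": " + e.getValue());
        }
    }
}
```

If `securityManager` reports `none`, the `<security-manager/>` setting did not take effect and the contents of the policy file are irrelevant. With an empty policy that is actually enforced, both probes should report `denied`.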