Mageshkumar Maruthapillai:
> 2. What sort of new security issues will servlets face when accessing
> resources on the intranet  for e.g. a file with access rights etc.??

One thing that no one else seems to have mentioned is that it's probably a bad idea for web servers in a public (Internet-accessible) space to have direct access to a file system on a private network (Intranet).  If your web server is compromised, the attacker will also have that access.  You can easily create a custom "file proxy" which supplies controlled access to files.

Instead of this:

    InputStream is = new FileInputStream("myfile.xyz");

You have this:

    InputStream is = fileProxyConnection.getFileStream("myfile.xyz");

The method "getFileStream" could forward the call stack (or other information), allowing the file proxy to decide whether or not the file may be transmitted based on the Servlet that requests it (or based on some other data authenticating the requestor).  If your web server is cracked, the attacker must reverse-engineer this file proxy system, and then will be limited by its willingness to serve file contents (e.g., the attacker may only be able to read from a certain directory rather than being able to grab /etc/passwd or the NT SAM database).

Ted Stockwell:
> In the future some containers may use custom SecurityManagers to create
> sandboxes for each customer's servlets.

Why wait?  Look into implementing a SecurityManager now -- that's what they're for!  One tip: it would help your SecurityManager a lot if you separate different projects in different packages.

Good luck,

-- Charles
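
Added example (not part of the message above and not any project's code): a sketch, in Java 11+, of the decision a file proxy like the one described could make on the intranet side before handing back a stream. The class name FileProxyPolicy, the requester ids and the allow-list layout are assumptions, and the requester id is taken to be already authenticated by the proxy.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;
import java.util.Set;

public class FileProxyPolicy {                       // hypothetical name
    private final Path root;                         // the only directory the proxy serves from
    private final Map<String, Set<String>> allowed;  // requester id -> file names it may read

    public FileProxyPolicy(Path root, Map<String, Set<String>> allowed) throws IOException {
        this.root = root.toRealPath();
        this.allowed = allowed;
    }

    /** Opens the file only if this requester is allowed to read it. */
    public InputStream getFileStream(String requester, String name) throws IOException {
        Set<String> names = allowed.get(requester);
        if (names == null || !names.contains(name)) {
            throw new SecurityException("denied: " + requester + " -> " + name);
        }
        // Resolve ".." and symlinks before the containment check, so even an
        // allow-listed name cannot point outside the served directory.
        Path target = root.resolve(name).toRealPath();
        if (!target.startsWith(root) || !Files.isRegularFile(target)) {
            throw new SecurityException("denied: outside served directory");
        }
        return Files.newInputStream(target);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a served directory and a file outside it.
        Path base = Files.createTempDirectory("proxydemo");
        Path served = Files.createDirectory(base.resolve("served"));
        Files.writeString(served.resolve("myfile.xyz"), "report data");
        Files.writeString(base.resolve("secret.txt"), "not for servlets");
        FileProxyPolicy policy = new FileProxyPolicy(served,
                Map.of("ReportServlet", Set.of("myfile.xyz", "../secret.txt")));
        try (InputStream in = policy.getFileStream("ReportServlet", "myfile.xyz")) {
            System.out.println("served: " + new String(in.readAllBytes()));
        }
        // First request: requester not listed. Second: listed by mistake, escapes root.
        String[][] bad = {{"OtherServlet", "myfile.xyz"}, {"ReportServlet", "../secret.txt"}};
        for (String[] req : bad) {
            try { policy.getFileStream(req[0], req[1]).close(); System.out.println("BUG: served"); }
            catch (SecurityException e) { System.out.println("refused: " + e.getMessage()); }
        }
    }
}
```

The second refusal shows why the containment check is kept separate from the allow-list: a mistaken allow-list entry still cannot reach a file outside the served directory.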
