----- Original Message -----
From: Hubert Rabago <[EMAIL PROTECTED]>

> So, are you saying that for web applications, I can already ignore the
> security APIs because the servlet container will already provide the
> security as long as I define the security constraints, roles, etc?

nopes...
There are 2 aspects of security: protecting your files (which may be
servlets/htmls/images) from the users, and protecting your webserver
computer from servlets.
The general security aspects (sandboxes, security policies, security
managers) are for protecting your computer's resources from ill-programmed
servlets/programs.
The servlet container implements roles/constraints etc. to protect the files
from unauthorised users.
Both are required.
Hope this makes it clear.

kishor


> kishor bhagwat <[EMAIL PROTECTED]> on 12/07/2000 10:26:28 PM
>
> Please respond to "A mailing list for discussion about Sun Microsystem's
> Java Servlet API Technology." <[EMAIL PROTECTED]>
>
> To:   [EMAIL PROTECTED]
> cc:    (bcc: Hubert Rabago/GIRC/SVI)
>
> Subject:  Servlets & web app security
>
> Hello!
> I've been out a few days, and on coming back I noticed a few mails about
> protecting files/servlets and general webapp security... here's my two
> cents on it.
> The servlet specification requires the servlet container to provide some
> security features.
> In particular, with Tomcat, you can have quite good control over your web
> application.
> For example, in the web.xml file of your web application, you can define a
> collection of resources (servlets, htmls, images etc.) and then define
> security constraints, security roles, authentication methods etc. for that
> particular collection.
> For more information, just go through the DTD of the web.xml file that came
> with Tomcat...
>
> hope this helps,
> kishor
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
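
The web.xml mechanism described in the quoted message (a resource collection with security constraints, roles and an authentication method), as an added example that is not part of the original thread. The /admin/* path, the admin role and the realm name are assumptions chosen for illustration.

```xml
<!-- Fragment of WEB-INF/web.xml; the enclosing <web-app> element is omitted.
     Constructed example: the /admin/* path, the role name and the realm
     name are assumptions, not values from the thread. -->

<!-- Weak form, kept commented out: because it lists <http-method> elements,
     the constraint applies only to GET and POST, and any other method sent
     to /admin/* is left unconstrained.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin area</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
-->

<!-- Corrected form: no <http-method> entries, so every method is covered,
     and the container must serve the collection over a protected transport. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin area</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Authentication method the container uses for constrained resources. -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Example Admin Realm</realm-name>
</login-config>

<!-- Every role named in an <auth-constraint> is declared here. -->
<security-role>
  <role-name>admin</role-name>
</security-role>
```

This covers only the container-enforced half of the reply above (protecting files from unauthorised users); protecting the host from servlets is handled separately by the JVM security manager and policy.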