On Thu, 17 May 2001, Glenn Nielsen wrote:
> > I guess he's referring to DoS attacks ( like a while(true); in java code
> > or allocating lots of memory ).
>
> You won't have much of a templating language if you don't allow some
> sort of looping. Kind of hard to restrict that.
True, but if you have a set of "trusted" tags, including looping tags, and
no "untrusted" code except the one that calls the tags you could do a lot
to control the resources.
For example the tags ( or jasper generated code ) could check for time
execution limits, or how many resources are allocated.
> It would be nice if self monitoring were built into Tomcat so sysads could
> track statistics on performance of the JVM, Tomcat in general, and individual
> servlets/JSPs. Even setting thresholds when automated email notifications
> could be done. Let's give sysadmins the information they need, then they
> can take action against problem users.
Yes, that would be an interesting hack..
I was thinking about JPDA - it would be possible to check the memory use
for each thread, associate it with the user code. Also, it is possible to
store the time when entering/exiting user code, and have a daemon thread
check if any thread is spending too much time.
( the time monitoring part can be done without jpda - but to monitor the
memory I don't know other solution ).
( well, I know - I remember a certain tool that was used to manipulate
bytecodes and add "instrumentation" before all allocations - but that's
far too difficult for the time we have available ).
> I still think that using the SecurityManager implementation in Tomcat with a
> well tuned security policy can provide one of the most secure environments
> available for running web based applications. This is just my opinion,
> feel free to try and convince me some other technology is more secure.
I'll not even try :-)
You're right, but there are some things that we could add to also control
some resource usage ( memory and cpu time ).
Costin
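The entry/exit timestamp plus daemon-checker idea sketched in the message above, written out as an added Java example; it is not code from the thread or from Tomcat, and the class and method names are assumptions. The watchdog only reports threads that overstay the limit, leaving the action to the operator.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical watchdog: the container (or jasper-generated code) calls
// enterUserCode()/exitUserCode() around a servlet or JSP, and a daemon
// thread periodically flags threads that have been in user code too long.
public class ExecutionTimeWatchdog {
    private final Map<Thread, Long> enteredAt = new ConcurrentHashMap<>();
    private final long limitMillis;

    public ExecutionTimeWatchdog(long limitMillis) { this.limitMillis = limitMillis; }

    public void enterUserCode() { enteredAt.put(Thread.currentThread(), System.currentTimeMillis()); }
    public void exitUserCode()  { enteredAt.remove(Thread.currentThread()); }

    // Threads that entered user code more than limitMillis before 'now'.
    public List<Thread> overLimit(long now) {
        List<Thread> result = new ArrayList<>();
        for (Map.Entry<Thread, Long> e : enteredAt.entrySet()) {
            if (now - e.getValue() > limitMillis) result.add(e.getKey());
        }
        return result;
    }

    // Daemon thread: never keeps the JVM alive, just polls and reports.
    public void start(long pollMillis) {
        Thread checker = new Thread(() -> {
            while (!Thread.currentThread().isInterrupted()) {
                for (Thread t : overLimit(System.currentTimeMillis())) {
                    System.err.println("WARN: " + t.getName() + " in user code > " + limitMillis + " ms");
                }
                try { Thread.sleep(pollMillis); } catch (InterruptedException ie) { return; }
            }
        }, "exec-time-watchdog");
        checker.setDaemon(true);
        checker.start();
    }

    public static void main(String[] args) throws InterruptedException {
        ExecutionTimeWatchdog wd = new ExecutionTimeWatchdog(200);
        wd.start(50);
        Thread worker = new Thread(() -> {        // constructed sample: a slow "user code" call
            wd.enterUserCode();
            try { Thread.sleep(500); } catch (InterruptedException ie) { /* ignore */ }
            finally { wd.exitUserCode(); }
        }, "worker-1");
        worker.start();
        worker.join();                            // expect at least one WARN line for worker-1
    }
}
```

On JVMs newer than the one discussed here, per-thread CPU time is available without JPDA through java.lang.management.ThreadMXBean.getThreadCpuTime, and HotSpot's com.sun.management.ThreadMXBean.getThreadAllocatedBytes covers the memory side, so the same checker can compare CPU and allocation deltas instead of wall-clock time.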