Hi,
I have a couple of questions about security. If
someone can point me to a good link, that would
be great.
What I want to do is set up a series of sites one a single
machine each with its own access to a jdbc database. I have
a connection pool that uses passwords and urls
from a config file and assumes that anybody requesting
is secure. My assumption that anybody requesting
is secure is what worries me.
If I make one database per JVM and I'm running
in tandem with Apache, is there a way that I can
know for sure that another process from the same
machine isn't "spoofing" me? I can firewall or use
config settings to secure against requests from other
machine's but is there a way to do this against
local processes?
If there is a method to do this, can it be done
with different users using the same JVM? I thought
of examining HttpServletRequest objects but those
can be modified.
Thanks,
Omar
