hello list, i am having trouble to configure tomcat (on linux) to support several vhosts for untrusted users. (i can't find any good documentation on this topic).
currently i am using the mod_webapp apache module. in server.xml i did configure one engine: <Engine className="org.apache.catalina.connector.warp.WarpEngine" name="tomcat.sysfrog.org" debug="0"> and several subvhosts (under this engine): <Host name="test3.sysfrog.org" debug="0" appBase="/home/web/test3.sysfrog.org/webapps" unpackWARs="false" /> the configuration seems to work, but i can't find any documentation about security aspects. is this configuration "safe", or would users have the possibility to affect other users vhosts. should i use one engine per user? do i need any additional security settings to e.g. prevent users from deleting files owned by the tomcat uid? how can i define one tomcat-users.xml per virtual host? are there any major disadvantages when using a shared tomcat instance? references to good documentation/books on this topic would be greatly appreciated. /gst -- sysfrog.org -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
