On Thu, 4 Dec 2008, Florent André wrote: > > > On Thu, 4 Dec 2008 11:52:49 +0100 (CET), Rainer Schöpf > <[EMAIL PROTECTED]> wrote: > > On Thu, 4 Dec 2008, Florent André wrote: > > > > > Install in 5.5 with Débian and .deb (apt-get), require some (little) > > > configuration. This configuration is not easy to find, but I just find > > out > > > this and I can share this if you want. > > > > You need to either switch off the security manager (TOMCAT5_SECURITY=no > in > > /etc/default/tomcat5.5) or spend time configuring it. > > Yes I do that (1 of the 2 "little configuration"). > > Is this a security risk to disable this security manager ?
That depends. With the security manager switched off, your web application has the "normal" access rights of the server process. In particular, there is the possibility to access a different web application running in the server. With the security manager enabled, all accesses to, eg., the filesystem or the JVM are checked. > I try to configure It but with no successfull. I haven't found an easy way to configure it. The way that worked for me in principle is this: switch on debugging output to see the exceptions raised by the security manager, then run your web application. When an exception is shown in the log, add an appropriate access configuration, then restart your application. Repeat until done ;-) Very tedious. For lenya, I tried it and gave up at some point. Regards, Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
