[opencms-dev] JVM security
Joe Desbonnet
jdesbonnet at gmail.com
Thu Jul 14 14:19:55 CEST 2005
I'm about to deploy an OpenCms installation where several independent
customers will be using the one installation to manage small websites.
I'm using Linux for hosting.
Being able to write JSP scripts == shell access as JVM user. Because I
know my customers well, this is not a problem in the short term, but
in the longer term I think it is important to be able to control what
the JSP scripts can do. One consequence of this is that the default
MySQL configuration of having a null password for root at localhost is
dangerous. Anyone with access to JSP scripting can zap the entire db
if they wanted to.
One solution I can think of is to use SELinux to apply fine-grained
access controls on the JVM. However I think this should be built into
the application if possible.
Has anyone given this any thought?
Joe.
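
The passwordless MySQL root account raised in the post can be checked for directly. The following is an added example, not part of the original message or of OpenCms: it audits a tab-separated dump of the MySQL account table for accounts that code running in the JVM could use without a secret. The sample rows, the `audit_accounts` helper and the severity labels are constructed for illustration.

```python
import csv
import io

# Constructed sample: tab-separated output in the shape produced by
#   mysql --batch -e "SELECT User, Host, authentication_string, Super_priv FROM mysql.user"
# (older servers name the hash column Password). Not taken from a real system.
SAMPLE = (
    "User\tHost\tauthentication_string\tSuper_priv\n"
    "root\tlocalhost\t\tY\n"
    "root\t127.0.0.1\tNULL\tY\n"
    "opencms\tlocalhost\t*CONSTRUCTEDHASH0123456789ABCDEF01234567\tN\n"
    "\tlocalhost\t\tN\n"
)

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
HASH_COLUMNS = ("authentication_string", "Password")


def audit_accounts(tsv_text):
    """Return findings for accounts usable without a password, which any local
    process (including JSP code running inside the JVM) could log in as."""
    findings = []
    for row in csv.DictReader(io.StringIO(tsv_text), delimiter="\t"):
        # Pick whichever hash column this server version exposes.
        secret = next((row[c] for c in HASH_COLUMNS if c in row), "")
        if secret not in ("", "NULL", None):
            continue  # a password hash is set
        user = row["User"] or "(anonymous)"
        host = row["Host"]
        if row.get("Super_priv") == "Y":
            severity = "critical"  # e.g. root with no password: every schema exposed
        elif host in LOCAL_HOSTS:
            severity = "high"      # passwordless and reachable from the JVM host
        else:
            severity = "medium"
        findings.append({"account": f"{user}@{host}", "severity": severity})
    return findings


if __name__ == "__main__":
    for f in audit_accounts(SAMPLE):
        print(f"{f['severity']:8} {f['account']}: no password set")
```

On servers that authenticate some accounts through a socket plugin, an empty hash column does not by itself mean the account is passwordless, so check the `plugin` column as well before acting on a finding.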