[opencms-dev] JVM security

Joe Desbonnet jdesbonnet at gmail.com
Thu Jul 14 14:19:55 CEST 2005


I'm about to deploy an OpenCms installation where several independent
customers will be using the one installation to manage small websites.
I'm using Linux for hosting.

Being able to write JSP scripts == shell access as JVM user. Because I
know my customers well, this is not a problem in the short term, but
in the longer term I think it is important to be able to control what
the JSP scripts can do.  One consequence of this is that the default
MySQL configuration of having a null password for root at localhost is
dangerous. Anyone with access to JSP scripting can zap the entire db
if they wanted to.

One solution I can think of is to use SELinux to apply fine-grained
access controls on the JVM. However, I think this should be built into
the application if possible.

Has anyone given this any thought?

Joe.


