
Simple Question

 
Khaled Mahmoud
Ranch Hand
Posts: 361
I have tried to insert the following line of code in the doGet method of a servlet in a web application.



After the first request to this servlet, the whole web server shut down.
Now suppose that I am a malicious person and I want to host my application on a real server where many other web applications reside.

I could write code like the following:


After that, anytime I want to shut down the web server, I can simply request a URL and put the shutdown password.

Any ideas about how to protect from this issue?
[ May 08, 2007: Message edited by: Khaled Mahmoud ]
 
Christophe Verré
Sheriff
Posts: 14691
Containers are smart enough to prevent you from doing this. For example, in Tomcat, you can use the SecurityManager to ungrant RuntimePermission, and disallow users from calling the exit method.
Here is the documentation of Tomcat's SecurityManager:
http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
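
The mechanism the answer above refers to, as an added example (not part of the original thread and not Tomcat's own code): a SecurityManager that refuses the `exitVM` RuntimePermission, so a call to `System.exit` from handler code throws `SecurityException` instead of stopping the JVM. It assumes JDK 8 to 17, where `System.setSecurityManager` is still permitted by default; the class and method names are hypothetical.

```java
import java.security.Permission;

// Added example: stand-alone demo, not Tomcat code. All names are hypothetical.
public class ExitGuardDemo {

    /** Denies RuntimePermission "exitVM.<status>" and allows everything else. */
    static class NoExitSecurityManager extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            // System.exit(n) triggers a check for RuntimePermission("exitVM.n").
            if (perm instanceof RuntimePermission
                    && perm.getName().startsWith("exitVM")) {
                throw new SecurityException("denied: " + perm.getName());
            }
            // Everything else is allowed only to keep the demo short. A container
            // policy grants a narrow allow-list per web application instead, which
            // also withholds "setSecurityManager" so the guard cannot be replaced.
        }
    }

    /** Stand-in for a request handler in an untrusted web application. */
    static void untrustedHandler() {
        System.exit(1);
    }

    public static void main(String[] args) {
        System.setSecurityManager(new NoExitSecurityManager());
        try {
            untrustedHandler();
            System.out.println("not reached when the guard is active");
        } catch (SecurityException e) {
            // The JVM keeps running; this is the event worth logging and alerting on.
            System.out.println("Blocked exit attempt: " + e.getMessage());
        }
        System.out.println("JVM still running");
    }
}
```

In Tomcat the same effect comes from the policy file rather than from code: with the SecurityManager enabled, a web application only holds the permissions its `grant` entries list, and `exitVM` is not given to web application code.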
 
Khaled Mahmoud
Ranch Hand
Posts: 361
Thanks a lot. That's exactly what I was looking for. Looks like I have to read more about security in Java.
 