Simple Question

 
Ranch Hand
Posts: 361
I have tried to insert the following line of code in the doGet method of a servlet in a web application.



After the first request to this servlet, the whole web server shut down.
Now suppose that I am a malicious person and I want to host my application on a real server where many other web applications reside.

I could write code like the following:


After that, anytime I want to shut down the web server, I can simply request a URL and put in the shutdown password.

Any ideas about how to protect against this issue?
[ May 08, 2007: Message edited by: Khaled Mahmoud ]
 
Sheriff
Posts: 14691
Containers are smart enough to prevent you from doing this. For example, in Tomcat you can use the SecurityManager to ungrant RuntimePermission and disallow users from calling the exit method.
Here is the documentation of Tomcat's SecurityManager:
http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
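
The mechanism described in the reply above, as an added stand-alone example that is not code from this thread or from Tomcat: a `SecurityManager` that refuses the `exitVM` runtime permission, and also `setSecurityManager`, since code allowed to remove the manager could then exit anyway. The class names `ExitGuardDemo` and `NoExitSecurityManager` are hypothetical, and the demo assumes JDK 8 to 17 (later JDKs disallow installing a security manager at run time by default, and JDK 24 disables it permanently); Tomcat itself expresses such restrictions in a policy file rather than a subclass.

```java
import java.security.Permission;

public class ExitGuardDemo {

    /** Hypothetical manager: denies JVM exit and its own removal, allows the rest. */
    static class NoExitSecurityManager extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof RuntimePermission) {
                String name = perm.getName();
                // System.exit(n) and Runtime.halt(n) both check "exitVM.n".
                // "setSecurityManager" must be denied too, or hosted code
                // could simply uninstall this manager and then exit.
                if (name.startsWith("exitVM") || name.equals("setSecurityManager")) {
                    throw new SecurityException("denied: ".concat(name));
                }
            }
            // Everything else is allowed: this demo restricts only the two
            // permissions above; a real policy would be default-deny.
        }

        @Override
        public void checkPermission(Permission perm, Object context) {
            checkPermission(perm);
        }
    }

    /** Runs the task and reports whether the security manager stopped it. */
    static boolean isBlocked(Runnable task) {
        try {
            task.run();
            return false;
        } catch (SecurityException e) {
            System.out.println("blocked -> " + e.getMessage());
            return true;
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new NoExitSecurityManager());

        // Stand-ins for code inside a hosted web application's doGet().
        boolean exitBlocked = isBlocked(() -> System.exit(0));
        boolean removalBlocked = isBlocked(() -> System.setSecurityManager(null));

        System.out.println("exit blocked: " + exitBlocked
                + ", manager removal blocked: " + removalBlocked
                + ", JVM still running");
    }
}
```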
 
Khaled Mahmoud
Ranch Hand
Posts: 361
Thanks a lot. That's exactly what I was looking for. Looks like I have to read more about security in Java.
 