This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin in Action and have Dmitry Jemerov & Svetlana Isakova on-line!
See this thread for details.
Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Running JForum with Security Policy  RSS feed

 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am running JForum on Tomcat with the security manager. It took a while for me to get the security policy created. I basically ran with security debugging on and granted permissions when I saw access errors. I did this until it ran without errors. I have been running a couple of days without access errors so this is pretty close to everything you need. The security is relatively fine grained but in general I gave permissions to all classes and libraries within the application directory to work within the application directory at the access level they needed. I could have given the permissions to specific classes but this would have taken even longer and been more complicated to manage. I think this provides a reasonable security policy. Let me know if you have any suggestions for improvement. I am posting here as a starting point for others.


[originally posted on jforum.net by parisila]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!