IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Theory and Practice of Programming Forum / That's what the java secutiry docs said
Post #193,409
by drewk
Picture of drewk
2/7/05 12:41:54 PM
Reply
New That's what the java secutiry docs said
The default security is to protect the system from the developers, like in a hosting environment. Though if I were doing hosting, I'd have a separate jvm for each vhost.
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
Post #193,429
by ben_tilly
2/7/05 1:14:06 PM
Reply
New If you were doing hosting, you'd go broke
The default security is to protect the system from the developers, like in a hosting environment. Though if I were doing hosting, I'd have a separate jvm for each vhost.

A jvm takes up a lot of RAM. A single server can serve a lot of vhosts. If you don't share the jvm, then you'll run out of RAM with a lot fewer vhosts than someone who does.

Sure, sharing is less secure. It also reduces your costs a lot, allowing you to charge less. Since virtual hosting is a commodity, prices are very competitive and corners like this get cut.

Incidentally the same factor goes a long ways towards explaining why it is easier to get a cheap hosting service to give you PHP than mod_perl. When you have mod_perl you wind up with such open access that you can't prevent one user from interfering with another, so you have to separate them more. PHP is limited enough that you can fairly safely load it into a shared server. So everyone provides PHP, but to get mod_perl you pretty much need to own your own server.

Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
     How do I control file access in Java? - (drewk) - (14) - Feb. 6, 2005, 08:27:39 PM EST
         What user is Tomcat running as? - (admin) - (8) - Feb. 6, 2005, 08:31:37 PM EST
             Running as tomcat4 -NT - (drewk) - (7) - Feb. 6, 2005, 08:48:36 PM EST
                 Re: Running as tomcat4 - (admin) - (6) - Feb. 6, 2005, 09:00:42 PM EST
                     I chmod-ed 777 to make sure - (drewk) - (5) - Feb. 6, 2005, 09:06:47 PM EST
                         What is this "policytool" of which you speak? - (admin) - (4) - Feb. 6, 2005, 09:27:13 PM EST
                             Trying now -- cool, seems to work[1] - (drewk) - (3) - Feb. 6, 2005, 09:44:01 PM EST
                                 If it's your server... - (admin) - (2) - Feb. 6, 2005, 09:46:37 PM EST
                                     That's what the java secutiry docs said - (drewk) - (1) - Feb. 7, 2005, 12:41:54 PM EST
                                         If you were doing hosting, you'd go broke - (ben_tilly) - Feb. 7, 2005, 01:14:06 PM EST
         System.exec("chmod " + options + " " + filename)? -NT - (tuberculosis) - (4) - Feb. 7, 2005, 05:45:24 PM EST
             Yes, that what I have in mind now - (Arkadiy) - (3) - Feb. 7, 2005, 05:53:16 PM EST
                 Wasn't that - (drewk) - (2) - Feb. 7, 2005, 07:26:39 PM EST
                     You're talking about JVM's access to external files - (Arkadiy) - Feb. 7, 2005, 07:42:48 PM EST
                     You're only now starting to wonder? - (ben_tilly) - Feb. 7, 2005, 08:22:19 PM EST

Ninety-none-point-lots-of-nines percent of the galaxy is empty blackness.
279 ms