2 Replies Latest reply on Oct 18, 2001 3:33 AM by J. Wolfgang Kaltz

    security issues in multi-homed environment

    Roman Kunert Newbie

      Hi,

      My ISP is willing to install JBoss/Tomcat and offer it's J2EE services to it's customers but there are some security concerns on his side that I have to overcome hopefully with your support. The ISP is working with Linux boxes that each home more than one user.

      Say Customer1 (c1) with domain www.c1.com and IP 1.2.3.4 and Customer2 (c2) with domain www.c2.com and same IP have both their applications, c1.ear and c2.ear.

      His concerns are:

      1.) how do I prevent c1 from 'overdeploying' c2.ear with his own maliciously made c2.ear

      2.) how do I make sure that all applications deployed by c1 are accessible and only accessible from www.c1.com

      3.) how can I easily prevent c1 from using code (JSP,servlet classes or EJB-components that c2 has deployed)

      thanks for ur help

        • 1. Re: security issues in multi-homed environment
          Scott Stark Master

          This is a multi-user environment, not multi-homed. To answer these questions you have to describe who has access to the server the JBoss server will run on.

          • 2. Re: security issues in multi-homed environment
            J. Wolfgang Kaltz Novice

            > 1.) how do I prevent c1 from 'overdeploying' c2.ear
            > with his own maliciously made c2.ear

            With the Tomcat war's you can do this by setting up the apps-.xml to point to a place where only the owner of that application has write access. But for the deployed beans (and for the combined stuff ear) I don't know - you can of course write some custom mechanism to handle this: for example application deployers deposit their stuff in some common directory, you have some cron job who looks in this directory, checks the user/ear name mapping (they must have been previously registered) and if its ok copies them into the actual deployment area.

            > 3.) how can I easily prevent c1 from using code
            > (JSP,servlet classes or EJB-components that c2 has
            > deployed)

            Well c1 could make calls say to EJBs that c2 has deployed but that's the point of deploying components, other applications must be able to call them, right ? If they live in a security context calls will only be possible with valid credentials, so I'm not sure there is a security concern here.