Re: [ProgSoc] Servlets
On Sat, Jan 27, 2001 at 11:53:20AM +1100, Suresh Rajagopalan wrote:
> Well, I have been trying for months. I have set up my own servlet/JSP
> server on progsoc.
> Go to www.gefionsoftware.com, download litewebserver to your progsoc
> account.
> It's very small, like 200Kb or something. Unzip it, make sure your
> classpath settings are ok. And away you are.
A few points... firstly, which port are you using for this?
The exec requires notification of all port listeners that can be
visited from outside progsoc. This isn't to say that I'm going to
shut down your server, I just want to be sure I know what it is
doing (and we don't want a bunch of other users trying to use
the same port as you are).
If the litewebserver works and runs applets in a reasonably
stable manner then I suggest that we don't need to modify apache
and that we can install the litewebserver for anyone who needs
servlets. This will require that someone document the security
model of the litewebserver and the servlets... it is no problem
to make the litewebserver run as its own user and its own group.
Then it will be able to read everyone's public_html directories
and find stuff there but then no one will be able to give their
servlets write access (unless they want to give the whole world
write access). Can servlets run as some sort of SUID thing?
Is it possible to have a servlet that has world execute permission
but not world read permission (i.e. allowing embedded mysql
passwords in the servlet)?
Yet another option... can java programs be run as normal CGIs?
I would have thought it was easy to make a little C wrapper that
exec's through to the JVM and runs some java bytecode.
This will work with the existing apache and will also support
the normal SUEXEC system -- does a servlet offer anything more
than running java bytecode through a CGI?
The other option is that each person who wants servlets runs
their own litewebserver (we can install it in /usr/local
somewhere to save on duplicate files in home directories)
which means that we need to keep track of which users are
sitting on which ports. This is more of a pain and a nuisance
for the admins but a user will only have themselves to blame
if they stuff up their own security.
------------------------------------------------------------
By the way, can anyone explain to me exactly what servlets
really do? I thought that the idea of java is that you write
client-side java that connects back to ports on the server-side
and allows an interactive session. To use it properly, you HAVE
to run a dedicated port for each application anyhow -- trying to
feed interactive sessions through apache sounds like running
a three-legged race while standing on your head at the same time.
If people want to run a special purpose server to support
interactive connections from their client-side java applets
then I have no problem with that. They can even write their
server in java if they like, all I'm asking is for some
notification so that port-listeners can be suitably monitored
and managed.
> My question really, would be how to get our own mysql DB set up on
> progsoc.
Just run `mysql' and type `show databases;' then choose a name
that is not already there and type `create database test_xxxxx;'
All the databases with the test_ prefix are a free-for-all so
out of politeness don't go squashing other people's.
Once you have something reasonable up-and-running then if you
really need security we can copy it over to a non-test prefix
and give you a login and password for that database.
This is the default mysql permission setup by the way.
--
S1G: 18993344 seconds remaining - Tel
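
The C wrapper idea raised in the message above, sketched as an added example that is not part of the original post or of ProgSoc's setup: a CGI binary that execs the JVM with a fixed command line and an allowlisted environment. The JVM path, class directory and class name are assumptions chosen for illustration.

```c
/* Added example: CGI wrapper that execs a JVM. Paths and names are assumed. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define JAVA_BIN   "/usr/bin/java"             /* assumed JVM path */
#define CLASS_DIR  "/home/example/cgi-classes" /* assumed, outside public_html */
#define MAIN_CLASS "HelloCgi"                  /* hypothetical class name */
#define MAX_ENV    32

/* CGI variables passed on; CLASSPATH, LD_PRELOAD etc. are dropped. */
static const char *const ALLOWED[] = {
    "REQUEST_METHOD", "QUERY_STRING", "CONTENT_LENGTH", "CONTENT_TYPE",
    "PATH_INFO", "SCRIPT_NAME", "SERVER_NAME", "SERVER_PORT",
    "SERVER_PROTOCOL", "REMOTE_ADDR", "HTTP_COOKIE", NULL
};

/* Nonzero if entry is "NAME=value" with NAME on the allowlist. */
static int env_allowed(const char *entry)
{
    for (size_t i = 0; ALLOWED[i] != NULL; i++) {
        size_t n = strlen(ALLOWED[i]);
        if (strncmp(entry, ALLOWED[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Copy allowlisted entries of in[] to out[] (NULL-terminated); return count. */
static size_t filter_env(char *const in[], char *out[], size_t cap)
{
    size_t kept = 0;
    for (size_t i = 0; in[i] != NULL && kept + 1 < cap; i++)
        if (env_allowed(in[i]))
            out[kept++] = in[i];
    out[kept] = NULL;
    return kept;
}

int main(void)
{
    extern char **environ;
    char *clean[MAX_ENV];
    /* Fixed argv: nothing from the request reaches the JVM command line. */
    char *const argv[] = { "java", "-cp", CLASS_DIR, MAIN_CLASS, NULL };
    filter_env(environ, clean, MAX_ENV);
    execve(JAVA_BIN, argv, clean);
    perror("execve");  /* only reached if the exec failed */
    return 1;
}
```

Run under suEXEC, the wrapper and the JVM execute as the owning user, so the class directory can be readable by that user alone, which covers the embedded-password question without a world-readable file.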