Re: [ProgSoc] Servlets

[Suresh Rajagopalan <suresh@nospam.progsoc.uts.edu.au>]

What a long email. Will try my best to answer your questions.
  
The port i am using is 9090.
>                              
> A few points... firstly, which port are you using for this?
> The exec require notification of all port listners that can be   
> visited from outside progsoc. This isn't to say that I'm going to
> shut down your server, I just want to be sure I know what it is  
> doing (and we don't want a bunch of other users trying to use  
> the same port as you are).
  
I am running LWS in my own instance. It will not affect
other users. The server has its own config, in which
I must configure to run my servlets, jsp's or beans.

> If the litewebserver works and runs applets in a reasonably
> stable manner then I suggest that we don't need to modify apache
> and that we can install the litewebserver for anyone who needs  
> servelets. This will require that someone document the security 
> model of the litewebserver and the servlets... it is no problem 
> to make the litewebserver run as its own user and its own group.
> Then it will be able to read everyone's public_html directories
> and find stuff there but then no one will be able to give their
> servlets write access (unless they want to give the whole world
> write access). Can servlets run as some sort of SUID thing?
> Is it possible to have a servlet that has world execute permission
> but not world read permission (i.e. allowing embedded mysql
> passwords in the servlet)?

Servlets act as an extension to the webserver, there are no security
problems
with servlets, the JVM takes care of it. If you plan to install
a servlet/jsp engine, I suggest Tomcat. I put LWS on my account
because its small and easy to install/configure.


>By the way, can anyone explain to me exactly what servlets
>really do? I thought that the idea of java is that you write
>client-side java that connects back to ports on the server-side
>and allows an interactive session. To use it properly, you HAVE
>to run a dedicated port for each application anyhow -- trying to
>feed interactive sessions through apache sounds like running
>a three-legged race while standing on your head at the same time.

>If people want to run a special purpose server to support
>interactive connections from their client-side java applets
>then I have no problem with that. They can even write their
>server in java if they like, all I'm asking is for some 
>notification so that port-listeners can be suitable monitored
>and managed.

You can think of a servlet as a server side applet, but the gui part of it
being a web page. A JSP is really a servlet, it gets converted from
JSP to servlet at runtime, by a servlet engine. A couple of people have 
requested me for instructions on setting  up LWS. I suggest if people
in progsoc are interested in servlet technology, it would be worthwile
if we had a common servlet engine running on progsoc. rather than
individuals
setting up there own servers, and then we loose control of open ports.

Personally, i would appreciate if you didnt shut down my port.

-
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@nospam.progsoc.uts.edu.au.
If you are having trouble, ask owner-progsoc@nospam.progsoc.uts.edu.au for help.