Solved

Security and no WEB-INF access

Posted on 2003-03-13
Last Modified: 2008-03-10

I am a gold member of addr.com and they have a setup where they lock off write access to the WEB-INF directory as root, but then allow access to a WEB-INF->servlets directory.  The end result of this as far as I can tell is that you can't use your own web.xml file.

I am concerned about this in two ways.  I wanted to use JSP tags, but it seemed to need the web.xml file and I also am more concerned about security.   I may decide to host secure information and am not sure if I can do so well despite them having .htaccess and SSL.

They use somewhat outdated versions across their servers:
      - tomcat3.3.1
      - servlet  2.2
      - jsp  1.1
      - MySQL  version 3.23.41

I am looking for ideas on how to create a secure site with these limitations.  If you see this as being hopeless, maybe you have ideas on a much more secure, reasonably priced, performant hosting company.  It would be a pain to move now, but I may have to do it.

thank you for your help
0
Comment
Question by:johnike
11 Comments
 
LVL 14

Accepted Solution

by:
kennethxu earned 750 total points
ID: 8131193
without access to web.xml, you cannot deploy a real j2ee web application. I would suggest you look for something else.
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8131344
http://www.lunarpages.com/hosting.html : Resin's Servlet 2.3 and JSP 1.2 engine
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8131423
another one : http://www.servlets.net/index.html

I suggest you call them and find out if they have what you are looking for. try out before you move your site.

there is a free jsp/servlet hosting site www.mycgiserver.com , I'm not sure how their upgrade goes.
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8132026
I think myservlethosting.com have private jvm option for $60 per month, this plan will give you full access to J2EE
0
 
LVL 92

Expert Comment

by:objects
ID: 8132208
I use www.estation.com.au and have never had a problem with them, and they are relatively cheap.
0
 

Author Comment

by:johnike
ID: 8134497

Thank you.  I am glad for the help in responses but at the same time it seems like there is no positive outlook for the site I am using.  I guess there is no reasonable way around not having access to web.xml.

I have not made a decision yet and am hoping for some gentler resolution, but I am looking at www.supplehost.com and they seem good at first glance.  I have to dig deeper.

Thank you so much as this learning addr.com does not have what I would need is a big loss of time.


0
 

 
LVL 14

Expert Comment

by:kennethxu
ID: 8136942
>> I guess there is no reasonable way around not having access to web.xml.
right, web.xml is such an important file that I cannot believe you can develop a decent web application without touching it.

>> addr.com does not have what I would need is a big loss of time.
so do ask supplehost a lot of questions this time :)

>> but I am looking at www.supplehost.com and they seem good at first glance
hmm, looks good in both tech and price, not sure about quality of service and support. they charge $18/m for a yearly plan, you get,

Private Java Virtual Machine: 1.4.1
Java Server: Tomcat 4.1.18
Web Server: Apache 2.0.44
Database: MySQL 3.23.54b-max or 4.0.7-max
O/S: GNU/Linux 2.4
MTA: sendmail 8.12.8
Other: PHP 4.3.0, Perl 5.6.1

good luck shopping!
0
 
LVL 92

Expert Comment

by:objects
ID: 8139677
Looking at your question again.

> I wanted to use JSP tags, but it seemed to need the web.xml file

No you can specify tld directly in jsp.

> and I also am more concerned about security.

What are your concerns?
0
 

Author Comment

by:johnike
ID: 8145360
I am trying supplehost for now.  I have access to server.xml and web.xml and they answered my other questions well for now.  They have what I need at a good rate.  I see nothing wrong with them except that I think they handle all requests via email and not phone.  I tend to have better luck that way anyhow.

Thank you for your help all.
0
