johnike

Security and no WEB-INF access


I am a gold member of addr.com and they have a setup where they lock off write access to the WEB-INF directory as root, but then allow access to a WEB-INF->servlets directory.  The end result of this as far as I can tell is that you can't use your own web.xml file.

I am concerned about this in two ways.  I wanted to use JSP tags, but it seemed to need the web.xml file and I also am more concerned about security.   I may decide to host secure information and am not sure if I can do so well despite them having .htaccess and SSL.

They use somewhat outdated versions across their servers:
      - tomcat3.3.1
      - servlet  2.2
      - jsp  1.1
      - MySQL  version 3.23.41

I am looking for ideas on how to create a secure site with these limitations.  If you see this as being hopeless, maybe you have ideas on a much more secure, reasonably priced, performant hosting company.  It would be a pain to move now, but I may have to do it.

thank you for your help
ASKER CERTIFIED SOLUTION
kennethxu

This solution is only available to members.
kennethxu

http://www.lunarpages.com/hosting.html : Resin's Servlet 2.3 and JSP 1.2 engine
another one : http://www.servlets.net/index.html

I suggest you call them and find out if they have what you are looking for. Try them out before you move your site.

there is a free jsp/servlet hosting site www.mycgiserver.com , I'm not sure how their upgrade goes.
I think myservlethosting.com have private jvm option for $60 per month, this plan will give you full access to J2EE
Mick Barry
I use www.estation.com.au and have never had a problem with them, and they are relatively cheap.
johnike

ASKER


Thank you.  I am glad for the help in responses but at the same time it seems like there is no positive outlook for the site I am using.  I guess there is no reasonable way around not having access to web.xml.

I have not made a decision yet and am hoping for some gentler resolution, but I am looking at www.supplehost.com and they seem good at first glance.  I have to dig deeper.

Thank you so much as this learning addr.com does not have what I would need is a big loss of time.



>> I guess there is no reasonable way around not having access to web.xml.
right, web.xml is such an important file that I cannot believe you can develop a decent web application without touching it.

>> addr.com does not have what I would need is a big loss of time.
so do ask supplehost a lot of questions this time :)

>> but I am looking at www.supplehost.com and they seem good at first glance
hmm, looks good in both tech and price, not sure about quality of service and support. they charge $18/m for a yearly plan, you get,

Private Java Virtual Machine: 1.4.1
Java Server: Tomcat 4.1.18
Web Server: Apache 2.0.44
Database: MySQL 3.23.54b-max or 4.0.7-max
O/S: GNU/Linux 2.4
MTA: sendmail 8.12.8
Other: PHP 4.3.0, Perl 5.6.1

good luck shopping!
Looking at your question again.

> I wanted to use JSP tags, but it seemed to need the web.xml file

No, you can specify tld directly in jsp.

> and I also am more concerned about security.

What are your concerns?
johnike

ASKER

I am trying supplehost for now.  I have access to server.xml and web.xml and they answered my other questions well for now.  They have what I need at a good rate.  I see nothing wrong with them except that I think they handle all requests via email and not phone.  I tend to have better luck that way anyhow.

Thank you for your help all.