?
Solved

Security and no WEB-INF access

Posted on 2003-03-13
11
Medium Priority
?
474 Views
Last Modified: 2008-03-10

I am a gold member of addr.com and they have a setup where they lock off write access to the WEB-INF directory as root, but then allow access to a WEB-INF->servlets directory.  The end result of this as far as I can tell is that you can't use your own web.xml file.

I am concerned about this in two ways.  I wanted to use JSP tags, but it seemed to need the web.xml file and I also am more concerned about security.   I may decide to host secure information and am not sure if I can do so well despite them having .htaccess and SSL.

They use somewhat outdated versions across their servers:
      - tomcat3.3.1
      - servlet  2.2
      - jsp  1.1
      - MySQL  version 3.23.41

I am looking for ideas on how to create a secure site with these limitations.  If you see this as being hopeless, maybe you have ideas on a much more secure, reasonably priced, performant hosting company.  It would be a pain to move now, but I may have to do it.

thank you for your help
0
Comment
Question by:johnike
  • 6
  • 3
  • 2
11 Comments
 
LVL 14

Accepted Solution

by:
kennethxu earned 750 total points
ID: 8131193
without access to web.xml, you cannot deploy a real j2ee web application. I would suggest you to look for something else.
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8131344
http://www.lunarpages.com/hosting.html : Resin's Servlet 2.3 and JSP 1.2 engine
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8131423
another one : http://www.servlets.net/index.html

I suggest you to call them and find out if they have what you are looking for. try out before you move your site.

there is a free jsp/servlet hosting site www.mycgiserver.com , I'm not sure how their upgrade goes.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Expert Comment

by:kennethxu
ID: 8132026
I think myservlethosting.com have private jvm option for $60 per month, this plan will give you full access to J2EE
0
 
LVL 92

Expert Comment

by:objects
ID: 8132208
I use www.estation.com.au and have never had a problem with them, and they are relatively cheap.
0
 

Author Comment

by:johnike
ID: 8134497

Thank you.  I am glad for the help in responses but at the same time it seems like there is no possitive outlook for the site I am using.  I guess there is no reasonable way around not having access to web.xml.

I have not made a decision yet and am hoping for some gentler resolution, but I am looking at www.supplehost.com and they seem good at first glance.  I have to dig deeper.

Thank you so much as this learning addr.com does not have what I would need is a big loss of time.


0
 

Author Comment

by:johnike
ID: 8134954

Thank you.  I am glad for the help in responses but at the same time it seems like there is no possitive outlook for the site I am using.  I guess there is no reasonable way around not having access to web.xml.

I have not made a decision yet and am hoping for some gentler resolution, but I am looking at www.supplehost.com and they seem good at first glance.  I have to dig deeper.

Thank you so much as this learning addr.com does not have what I would need is a big loss of time.


0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8136942
>> I guess there is no reasonable way around not having access to web.xml.
right, web.xml is such an important file that I cannot believe you can develop a decant web application without touching it.

>> addr.com does not have what I would need is a big loss of time.
so do ask supplehost a lot of questions this time :)

>> but I am looking at www.supplehost.com and they seem good at first glance
hmm, looks good in both tech and price, not sure about quality of service and support. they charge $18/m for a yearly plan, you get,

Private Java Virtual Machine: 1.4.1
Java Server: Tomcat 4.1.18
Web Server: Apache 2.0.44
Database: MySQL 3.23.54b-max or 4.0.7-max
O/S: GNU/Linux 2.4
MTA: sendmail 8.12.8
Other: PHP 4.3.0, Perl 5.6.1

good luck shopping!
0
 
LVL 92

Expert Comment

by:objects
ID: 8139677
Looking at your question again.

> I wanted to use JSP tags, but it seemed to need the web.xml file

No you can specify tld directly in jsp.

> and I also am more concerned about security.

What are your concerns?
0
 

Author Comment

by:johnike
ID: 8145360
I am trying supplehost for now.  I have access to server.xml and web.xml and they answered my other questions well for now.  They have what I need at a good rate.  I see nothing wrong with them except that I think they handle all requests via email and not phone.  I tend to have better luck that way anyhow.

Thank you for your help all.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Don’ts and Dos are two important end products of software testing basics that a tester needs to regard. This article attempts to explain the principles of both.
This article explains how to use the rsync command to create backups and sync data across hosts. Rsync is a very useful command that is often used to copy data, make backups, migrate hosts, and bridge the gap between site staging and production envi…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
Suggested Courses
Course of the Month8 days, 9 hours left to enroll

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question