An Oracle blog about Java Technology

Do you want security in your App Server?

Guest Author

Felipe has published a blog post on his experiences trying to run cejug-classifieds on GlassFish. Felipe had initially tried testing against Tomcat, Geronimo and WebSphere and was very surprised when he encountered problems with GlassFish. After a thread at the GlassFish forum, he summarized the problems in his blog.

I agree with these comments from his blog...

J2EE 1.4 ... claims that the Security Manager is not optional; ... GlassFish just follows the specification - and why the other servers don't do the same? The answer seems related to the legacy software - several years of unsafe servers have given us a comfortable feeling about the servers with security-manager disabled. Your server is probably running without security-manager right now, and I invite you to think about such fragility.

Asking about security-manager, experienced developers revealed weird concepts about that, including something you need to disable in order to get all the things working on. That indifference about security seems to be a flaw in the development process - and also a dangerous culture.
