From: <php...@li...> - 2012-09-07 19:25:54

Hello all,

I'm in the process of deploying an application which uses PHP/Java Bridge, and I'm having some difficulty figuring out how to secure the bridge against unauthorized usage. I've configured Tomcat to block access to the servlet except from localhost, but unless I'm mistaken, this still allows everybody on my shared hosting server to run arbitrary Java code in my container (reading or writing any of my files, etc.). This is certainly not ideal.

I have followed the instructions to run P/JB with Tomcat's security manager (http://php-java-bridge.sourceforge.net/pjb/FAQ.html#tomcat-security), but this appears to simply bypass the security manager altogether, making it something of a non-solution.

I would like to do one or ideally both of the following:

1. Run PHP/JavaBridge with a security manager so that I can prevent it from accessing files or directories not specifically required by my application.
2. Require authentication (e.g. basic HTTP authentication) when connecting to the PHP/Java Bridge servlet (presumably I could set this up in Tomcat, but I don't see any way to perform the authentication on the client end from my PHP application).

Any pointers would be appreciated. Thank you!

-Jon