This is the mail archive of the java@gcc.gnu.org mailing list for the Java project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: JSP Servlet container / WEB server

Mohan Embar writes:
 > Hi Lars,
 > 
 > >I have made a web server that compiles JSP pages and servlets into .so
 > >dynamic libraries using GCJ. The web engine itself is of course compiled
 > >with GCJ. 
 > >This makes for a compact, fast little web server!
 > 
 > Cool!
 > 
 > I know you said to continue the discussion elsewhere, but I've got one
 > gcj-related question which may or may not be sacrilegious for this list.
 > Doesn't running the webserver and compiled JSPs as native code
 > potentially bypass all of Java's purportedly wonderful security features?
 > I don't recall if I'm remembering this correctly, but isn't gcj somewhat
 > lacking in things like class verification and maybe even security checks?

This is true.  The gcj libraries don't implement the Java security
sandbox.

 > I know there are a million ways to secure a webserver, but I kind of
 > like the idea of a real JVM being sort of a safety net.

It's not the jvm that provides this, but the libraries -- there's no
reason fully compiled Java can't be just as secure as a conventional
VM.

Andrew.
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]