Posts Tagged ‘security’

Security policy permissions for Grails in Tomcat

Thursday, June 4th, 2009

Here are the permissions I’ve used for Grails apps deployed to Tomcat running the Java security manager. The Grails 1.0.x permissions are for a simple CRUD app. So far the Grails 1.1 permissions are just for a Hello World app. They’re not cut-and-paste: some thought is required to apply to individual server setups and some duplication is present. The grants go in the conf/catalina.policy file and restarting Tomcat is required. Unfortunately, it seems impossible to completely isolate these per-webapp since the Groovy and Grails code presents itself in funny ways.

I’m using Tomcat 6.0.18 and used both JDK 1.6.0_12 and 1.6.0_13 running on some sort of Linux.
(more…)

Tags: , ,
Posted in tech | 1 Comment »

Grails error.gsp security

Wednesday, October 1st, 2008

The default generated error.gsp view in Grails displays the stacktrace for any exceptions that occur. That’s nice for debugging in a development environment but it is a security issue for production as it is information leakage. We can easily turn this off when not in development, and do something useful like redirect to the application homepage.
(more…)

Tags: ,
Posted in tech | No Comments »