Security and the Servlet Sandbox

A servlet runs within the Web server and, if allowed, can access the file system and network, or can even call System.exit() to shut down the Web server. Giving a servlet this level of trust is not advisable, and Web servers can, and usually do, run servlets in a sandbox, which restricts the damage a rogue servlet can cause.

A servlet sandbox is an area where servlets are given restricted access to the server. Servlets running in the sandbox can be prevented from accessing the file system and network. This is similar to how Web browsers control applets. The implementation of the sandbox is server dependent, but a servlet in a sandbox is unlikely to be able to:

  • Access server files

  • Access the network

  • Run ...
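As an added illustration (not taken from the book), here is how such restrictions look on a server that implements its sandbox with the standard Java 2 security manager and a policy file. The `server.home` property and the `example` web application directory are hypothetical names; each server has its own layout and policy file location.

```conf
// Java policy file syntax. The two grant entries are alternatives:
// permissions from all matching entries are added together, so keep only one.

// Weak: servlet code is fully trusted. File access, network access and
// System.exit() all pass the security manager's checks.
grant codeBase "file:${server.home}/webapps/example/-" {
    permission java.security.AllPermission;
};

// Sandboxed: servlet code may only read files under its own directory
// and read one harmless system property.
grant codeBase "file:${server.home}/webapps/example/-" {
    permission java.io.FilePermission
        "${server.home}${/}webapps${/}example${/}-", "read";
    permission java.util.PropertyPermission "file.separator", "read";

    // Deliberately absent, so each of these calls throws SecurityException:
    //   java.net.SocketPermission           -> no outbound or inbound sockets
    //   java.lang.RuntimePermission "exitVM" -> System.exit() is refused
    //   java.io.FilePermission "write"/"execute" -> no file changes, no exec
};
```

The Security Manager that enforces policy files like this one is deprecated for removal as of Java 17 (JEP 411), so the approach applies to servers and JDKs of the book's era rather than to current runtimes.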
