Sun ONE Active Server Pages




Setting the Security Mode


You can configure the Sun ONE ASP Server to run under Defined User Security mode or Inherit User Security mode (UNIX and Linux product versions). The appropriate mode depends on your Web hosting environment, and has important security implications for your server.

Caution: Be sure to read this section carefully, especially if you are running Sun ONE Web Server.

 

Inherit User Security Mode

Inherit User Security mode is available only for Sun ONE ASP running with the Apache Web server.

This mode is useful in shared Web hosting environments because the ASP Server runs with the permissions of the user defined for the Apache Web server. In a Web hosting environment using virtual hosts, the ASP Server runs as the user configured for the virtual host. For example, if the Web server is configured to run as user "john," when someone accesses the virtual server www.johns-site.com, the ASP Server runs under the account "john" when processing ASP page requests for www.johns-site.com. You can enable this mode from the Sun ONE ASP Administration Console, as described later in this section.

Sun ONE Web Server does not support Inherit User Security mode (the Inherit user security setting is not displayed in the Administration Console). To protect the security of your server when running Sun ONE ASP with Sun ONE Web Server, you should specify a user and group in the casp.cnfg file, as described in Editing the Sun ONE ASP Configuration File (see the [default machine] keyword). The ASP Server then runs with the permissions of that user and group.

 

Defined User Security Mode

Defined User Security mode is available for Sun ONE Active Server Pages running with both the Sun ONE and Apache Web servers, and is appropriate for most corporate or dedicated Web hosting environments.

In this mode, the ASP Server runs with the permissions of the user and group defined in the Sun ONE ASP configuration file, casp.cnfg. The user and group account under which the ASP Server is configured to run should have access rights to all *.asp and *.asa pages, and should also have rights to Sun ONE ASP configuration files, such as casp.cnfg and odbc.ini. You enable this mode by setting Inherit user security to no in the Sun ONE ASP Administration Console (Apache) and then specifying a user and group in the casp.cnfg file (Apache and Sun ONE Web Server), as described in Editing the Sun ONE ASP Configuration File (see the [default machine] section).

Caution: If you set Inherit user security to no and do not specify a user and group in the casp.cnfg file, the ASP Server runs as root. This can compromise the security of your server.

Note the following:

To set the security mode

  1. Open the Administration Console (see Accessing the Administration Console).

  2. On the ASP Server tab of the Server Management page, click Settings.

  3. The Server Settings page displays.

  4. In the Inherit user security drop-down list, select yes to run under Inherit User Security mode, or no to run under Defined User Security mode.

  5. Caution: If you select no, you should edit the casp.cnfg file to add a user and group for the ASP Server to run under, as described in Editing the Sun ONE ASP Configuration File. If you do not make that change, the ASP Server runs as root, which can compromise the security of your server. You should always run Web servers other than Apache under Defined User Security Mode.
  6. Click Save to save your changes, or Cancel to revert to the settings that were last saved.

  7. The Server Management page displays.

  8. To put your changes into effect, restart the ASP Server by clicking Restart.

  9. Note: Restarting the ASP Server resets all Session and Application variables.
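
After the restart, you can confirm from a shell that the ASP Server processes are owned by the account you intended and not by root. The script below is an added example, not part of the Sun ONE ASP documentation; the executable-name pattern ^casp, the account aspuser, and the sample paths are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example, not part of the Sun ONE ASP documentation.
# ASSUMPTIONS: the executable-name pattern "^casp", the account "aspuser"
# and every path below are placeholders; use your installation's values.

# audit_asp_owner PATTERN EXPECTED_USER
# Reads lines shaped like `ps -e -o user= -o pid= -o args=` output on stdin.
# Prints a finding for each process whose executable name matches PATTERN
# and that runs as root or as any account other than EXPECTED_USER.
# Returns 0 = all owned by EXPECTED_USER, 1 = findings, 2 = nothing matched.
audit_asp_owner() {
    awk -v pat="$1" -v want="$2" '
        NF >= 3 {
            user = $1; pid = $2; exe = $3
            sub(/.*\//, "", exe)      # basename of the executable
            if (exe !~ pat) next      # unrelated process
            seen++
            if (user == "root" || user == "0") {
                printf "ROOT pid=%s exe=%s\n", pid, exe; bad++
            } else if (user != want) {
                printf "UNEXPECTED user=%s pid=%s exe=%s\n", user, pid, exe; bad++
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }'
}

# Constructed snapshot: Inherit user security set to no, no user and group
# in casp.cnfg, so the ASP Server processes are owned by root.
sample_misconfigured() {
    cat <<'EOF'
root      1012 /opt/example/casp-example
root      1020 /opt/example/casp-example -worker
nobody    2001 /usr/sbin/httpd -k start
EOF
}

# Constructed snapshot: after adding a user and group and restarting.
sample_fixed() {
    cat <<'EOF'
aspuser   3012 /opt/example/casp-example
aspuser   3020 /opt/example/casp-example -worker
nobody    2001 /usr/sbin/httpd -k start
EOF
}

# Demo on the constructed data. Against a live host, run instead:
#   ps -e -o user= -o pid= -o args= | audit_asp_owner '^casp' aspuser
sample_misconfigured | audit_asp_owner '^casp' aspuser || echo "status=$?"
```

Under Inherit User Security mode, pass the virtual host's account as the expected user; a return status of 2 means the pattern matched no process and needs adjusting.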

See also:

Configuring File System Access


