Security and the Servlet Sandbox

A servlet runs within the Web server and, if allowed, can access the file system and network or can even call System.exit() to shutdown the Web server. Giving a servlet this level of trust is not advisable, and Web servers can and usually do, run servlets in a sandbox, which restricts the damage a rogue servlet can potentially cause.

A servlet sandbox is an area where servlets are given restricted access to the server. Servlets running in the sandbox can be constrained from accessing the file system and network. This is similar to how Web browsers control applets. The implementation of the sandbox is server dependent, but a servlet in a sandbox is unlikely to be able to

• Access server files

• Access the network

• Run external processes on the server