Regular vs. stand-alone vs WAR

General discussions.

Moderator: moderators

Regular vs. stand-alone vs WAR

Postby djetch » Wed Dec 01, 2010 4:02 pm

While I have a decent handle on the basics here, I have some easy questions (I think they are easy).

Here is what I understand the differences between these 3 versions to be.

Regular - Runs as an application in the OS of choice but does function as a server too.

Stand-alone - Runs only as a service on a box (mostly a server) and is intended to run in the background.

WAR - Runs in the background behind (or on top of) of a web server process with the intend of being served to a public facing network (Internet).


My situation: I'm building a server for my LAN. I understand that I can easily rule out the regular install as the server is CLI only. So, here is the where I'm confused. What is the real purpose of going through the trouble of using the WAR setup and having to also have a web server up and running? Couldn't you just use the Stand Alone setup and port forwarding to the server?

Thanks in advance!
djetch
 
Posts: 27
Joined: Sun Nov 28, 2010 6:12 pm
Location: US

Postby seanpkeown » Thu Dec 16, 2010 7:07 pm

I think every version uses the .war file but if you already have a web server up and running for example tomcat all you need to to is put the .war file under webapps folder and then your pretty much done installing subsonic vs having to install subsonic along side tomcat or your web server.

It all depends on your preference. Plus if you don't like jetty which is what the standalone version installs then you can choose another webserver that may be easier to configure or may even run faster then jetty.

Hope this helps,
Sean K
seanpkeown
 
Posts: 100
Joined: Tue Jun 09, 2009 10:41 pm

Postby OM NOM NOM » Tue Dec 28, 2010 3:08 pm

Would security be an advantage of installing it into Tomcat vs. the standalone .deb configuration? Trying to avoid the whole "run as root" issue on the standalone version in Ubuntu.

FWIW I did try setting the standalone installer to run as an unprivileged user as suggested in the forums, but couldn't get it to work properly.
User avatar
OM NOM NOM
 
Posts: 11
Joined: Fri Mar 26, 2010 4:02 pm

Postby OM NOM NOM » Thu Dec 30, 2010 4:14 pm

Looks like I answered my own question. I did the Tomcat/WAR install and it still runs as root somehow, at least this is indicated by uploading a file and having permissions automatically set to root. So FYI for anyone using on Linux this is a potentially serious security flaw.
User avatar
OM NOM NOM
 
Posts: 11
Joined: Fri Mar 26, 2010 4:02 pm

Postby baaldemon » Thu Dec 30, 2010 7:04 pm

That is not due to subsonic but a mis-configured tomcat install. Subsonic does not break out of the user that tomcat runs as, so if tomcat is running as root then yes it is insecure and it has root privs. However if you have tomcat setup to run as a specific user it only has the privs of that user.
baaldemon
 
Posts: 99
Joined: Fri May 07, 2010 11:54 am

Postby OM NOM NOM » Fri Dec 31, 2010 6:41 am

Thanks - saw your reply on my other post. Appreciate the advice!
User avatar
OM NOM NOM
 
Posts: 11
Joined: Fri Mar 26, 2010 4:02 pm


Return to General

Who is online

Users browsing this forum: No registered users and 5 guests