Blogging Roller

Simon Brown has been posting a number of good recommendations for securiting Pebble, but which apply to just about any Java web app. If you are running a public Roller server you should at least implement recommendations #1 and #2.

• #1 Disable JSP compilation
• #2 Don't run your server as root
• #3 Use the Java security model

Additionally, for Roller site admins: if you are running Roller 0.9.8, make sure you are running with the latest security patch, see the Roller project blog for details. If you are running Roller 0.9.9 from CVS make sure you have updated your site since August 2, 2004.