
Server Sandbox

Classification Key: Exterior Security, Tampering

Problem

Any vulnerability in a server application can be exploited by a malicious user, so the server application must be protected from misuse. The difficulty is that attacks are diverse and the server cannot anticipate every kind of attack in advance; some vulnerability will always remain. How can server applications be made safe even when a vulnerability in them is exploited?

Solution

Limit the privileges that server components hold at run time. Create a dedicated user account that is used only by the server, and give that account only the privilege needed to execute the server (no administrative privilege). Most server applications need elevated privilege only briefly, at start-up: on Unix, for example, a server that listens on a privileged port (a port number below 1024) needs root privilege to bind it. Start the server with the additional privilege, perform the privileged operations, and then drop the privilege as soon as it is no longer needed, so that the code that handles untrusted input runs without it. An attacker who exploits a vulnerability in the running server then gains only the limited account, not the administrative one.
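The start-then-drop sequence described above, as an added C example that is not code from the pattern catalog, from the Kienzle et al. repository or from any real server: it binds a listening socket while still root, clears supplementary groups, then sets the gid and the uid in that order, and finally verifies that root cannot be regained before it would start serving. The target uid and gid 65534 (the "nobody" account on many Linux systems), port 80 and the helper names are assumptions made for this example.

```c
/* Added example, not code from the pattern catalog or from any real server.
 * Bind a privileged port while still root, then drop root permanently.
 * Assumptions: target uid/gid 65534 ("nobody" on many Linux systems),
 * port 80, and the helper names below. */
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define UNPRIV_UID ((uid_t)65534)   /* assumed to be "nobody" */
#define UNPRIV_GID ((gid_t)65534)

/* Create a listening TCP socket on the given port.  Ports below 1024 need
 * root (or CAP_NET_BIND_SERVICE on Linux), so this must run before the
 * privilege drop; the descriptor stays usable after the drop. */
int bind_listen_socket(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently give up root.  Order matters: supplementary groups and the
 * gid must go first, because once the uid is unprivileged they can no
 * longer be changed.  Called by root, setuid() replaces the real, effective
 * and saved uid, so a later setuid(0) is refused. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }   /* refuse a "drop" to root */
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1;   /* needs root; nothing to clear otherwise */
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    if (geteuid() != uid || getegid() != gid) return -1;       /* never trust the drop; check it */
    return 0;
}

/* Verify that the drop is irreversible: no uid is 0 and an attempt to
 * regain root fails with EPERM.  Returns 1 when the process is safely
 * unprivileged, 0 otherwise. */
int privileges_dropped(void)
{
    if (getuid() == 0 || geteuid() == 0) return 0;
    if (setuid(0) == 0) return 0;   /* would only succeed if the saved uid were still 0 */
    return errno == EPERM;
}

/* Drop to the assumed "nobody" ids when started as root.  When the process is
 * already unprivileged (for instance in a test run), keep the current ids,
 * which still exercises the same calls and checks. */
int demo_drop_to_unprivileged(void)
{
    uid_t uid = geteuid() == 0 ? UNPRIV_UID : getuid();
    gid_t gid = geteuid() == 0 ? UNPRIV_GID : getgid();
    return drop_privileges(uid, gid);
}

int main(void)
{
    int fd = bind_listen_socket(80);   /* privileged port: must happen while still root */
    if (fd < 0) { perror("bind port 80"); return 1; }
    if (demo_drop_to_unprivileged() < 0) { perror("drop privileges"); return 1; }
    if (!privileges_dropped()) { fputs("refusing to serve: still privileged\n", stderr); return 1; }
    printf("listening on port 80 as uid %u; root is gone, accept() loop would start here\n",
           (unsigned)geteuid());
    close(fd);
    return 0;
}
```

Run as root to see the whole sequence (binding port 80 fails otherwise); the only work done with root privilege is the bind, and the socket descriptor survives the drop, which is what makes the pattern work. The check in privileges_dropped is the part practitioners most often omit: a drop that changes only the effective uid (for example seteuid alone) leaves the saved uid at 0, and an attacker who controls the process can simply call setuid(0) to take it back.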

Known Uses

The Apache HTTP Server starts as root so that it can bind port 80, then hands request handling to worker processes that run as an unprivileged user (historically 'nobody', set by the User and Group directives).

Related Patterns

chroot Jail


Kienzle et al. Repository




Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz