We have a simple web application that allows users to generate charts and diagrams off of data in a database. Our company also wants to offer a client package that will generate the same charts and diagrams, except the application will be a Java Swing application.
I proposed that instead of maintaining two different presentation layers, that we have the web application run in a local instance on the user's machine.
Concerns have been expressed over the security of such an install. Several of my co-workers claim that users will acutally go in and edit the tomcat config files, hence screwing up our application.
With that in mind, is there anyway to secure tomcat to prevent this from happening? If not, are there any viable arguments on why this really shouldn't be our concern?
Also, is my suggestion of not maintaining two presentations of the same data a valid one?
Any feedback would be greatly appreciated.