axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gianluca Del buono" <gianluca.delbu...@caliari.it>
Subject R: security - AdminService
Date Wed, 19 Feb 2003 18:35:25 GMT
Hi Steve ,
thanks for your answer...
sorry for the silly question, but 

>>RC1 has a document on security

what do you mean by RC1 and where can I find this document ?
thanks

-----Messaggio originale-----
Da: Steve Loughran [mailto:steve_l@iseran.com] 
Inviato: mercoledì 19 febbraio 2003 18.36
A: axis-user@ws.apache.org
Oggetto: Re: security - AdminService

RC1 has a document on security...it should answer your questions.
AdminService only accepts calls from the local host, and it already has
a
default password..you can change it if you want

----- Original Message -----
From: "Gianluca Del buono" <gianluca.delbuono@caliari.it>
To: <axis-user@ws.apache.org>
Sent: Wednesday, February 19, 2003 01:13
Subject: security - AdminService


> Hi,
> How safe is to go into a production environment leaving the
AdminService
> enabled ? That would make my web services vulnerable to a malicious
> attack where -for example- someone could use the AdminService to
easily
> undeploy my services.
> What are the security precautions I should take before deploying my
axis
> server into a production environment ?
> Should I disable the AdminService ? But what are the drawback of this
> option ? Or would'nt be better to set a password for the AdminService?
> Is it possible , and how ?
>
> Many thanks in advance for your help.
>
> Gianluca
>
>
>





Mime
View raw message