geronimo-dev mailing list archives

From "Rakesh Midha" <midha.rak...@gmail.com>
Subject Security Issue with hot deployer
Date Fri, 24 Nov 2006 06:27:06 GMT
Hello

I was wondering if this is a security breach.

If I deploy some business-critical application named myApp on a Geronimo
server, deployed using the deploy tool or hot deployer, then with the deploy
tool I cannot change or uninstall this application without the Geronimo
username and password.

If for some reason my machine is unsecured and I am dependent on Geronimo
security, one can easily manipulate or uninstall my application by just
placing a junk application named myApp in my hot deployer. Isn't it a
security breach?

I think I should be allowed to:
1. Configure security settings for the hot deployer
2. Start and stop hot deployment (which can be done by stopping the hotdeploy
module)
3. One way could be that all the hot deployer operations prompt for a username
and password on the server console.

What is your view on this? Am I missing something?

Thanks
Rakesh
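
As the message describes, anyone who can place a file in the hot deployer's directory can replace a deployed application without Geronimo credentials, so the control that remains is filesystem write access to that directory. The check below is an added example, not part of the original message or of Geronimo's code; it assumes a POSIX host, and `audit_hot_deploy_dir`, its parameters and the sample directory are hypothetical.

```python
import os
import stat
import tempfile

def audit_hot_deploy_dir(path, server_uid):
    """Return (directory, reason) pairs for the hot-deploy directory and its
    ancestors wherever an account other than root or server_uid could add,
    replace or remove entries."""
    start = os.path.realpath(path)
    findings = []
    current = start
    while True:
        st = os.stat(current)
        mode = stat.S_IMODE(st.st_mode)
        # The owner can always grant itself write access, so ownership counts.
        if st.st_uid not in (0, server_uid):
            findings.append((current, "owner uid %d is not the server account" % st.st_uid))
        # On an ancestor, the sticky bit (as on /tmp) stops users from renaming
        # or deleting entries they do not own, so write bits are tolerated there.
        sticky_ancestor = current != start and bool(mode & stat.S_ISVTX)
        if mode & stat.S_IWOTH and not sticky_ancestor:
            findings.append((current, "world-writable"))
        if mode & stat.S_IWGRP and not sticky_ancestor:
            findings.append((current, "group-writable (gid %d)" % st.st_gid))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current = parent

if __name__ == "__main__":
    # Constructed stand-in for a hot-deploy directory; pass the real path and
    # the server account's uid when auditing an actual installation.
    deploy = os.path.join(tempfile.mkdtemp(), "deploy")
    os.mkdir(deploy)
    for mode in (0o777, 0o700):
        os.chmod(deploy, mode)
        print(oct(mode), audit_hot_deploy_dir(deploy, os.getuid()))
```

An empty result means only root and the server account can change what the hot deployer sees; a group-writable finding still needs a look at who is in that group.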
