geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Security Issue with hot deployer
Date Sat, 25 Nov 2006 17:33:48 GMT

On Nov 25, 2006, at 9:29 AM, Aaron Mulder wrote:

> On 11/25/06, David Jencks <david_jencks@yahoo.com> wrote:
>> If your machine is unsecured, then people deploying rogue apps in
>> geronimo should probably be the least of your worries.
>>
>> If you are still concerned about the security of the hot deployer,
>> you should turn it off.
>
> Except that if the machine is really unsecured, there's little you can
> do.  You can turn the hot deployer service off but if someone timed it
> right they could edit config.xml and cause the hot deployer to start
> next time Geronimo was started.  Or edit the accounts in the
> administrative security realm and then just use the deploy tool.  You
> could delete things from the repository but they could put them back
> there.  Bottom line, if you're concerned about security, I think your
> app server file permissions should be locked down, regardless of which
> product you're using.

Exactly.  I meant "If you are still concerned about the security of  
the hot deployer after thoroughly securing your machine, turn the hot  
deployer off."  I should have added, remove the hot deploy jar and  
car from your server.

thanks
david jencks

>
> Thanks,
>     Aaron
>
>> On Nov 23, 2006, at 10:27 PM, Rakesh Midha wrote:
>>
>> > Hello
>> >
>> > I was wondering if this is a security breach.
>> >
>> > If I deploy some business critical application names myApp on
>> > Geronimo server deployed using deploy tool or hot deployer. Now
>> > with deploy tool I cannot change or uninstall this application
>> > without Geronimo username and password.
>> >
>> > If for some reason my machine is unsecured and I am dependent on
>> > Geronimo security, one can easily manuplate or uninstall my
>> > application by just placing a junk application named myApp in my
>> > hot deployer. isn't it a security breach.
>> >
>> > I think I should be allowed to
>> > 1. Configure security settings for Hot deployer
>> > 2. Start and stop hot deployment (which can be done by stopping
>> > hotdeploy module)
>> > 3. One way could be, All the hot deployer operations prompt for
>> > username and password on server console.
>> >
>> > What is your view on this? Am I missing something?
>> >
>> > Thanks
>> > Rakesh
>> >
>> >
>>
>>


Mime
View raw message