geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Security Issue with hot deployer
Date Sat, 25 Nov 2006 16:29:29 GMT
If your machine is unsecured, then people deploying rogue apps in  
geronimo should probably be the least of your worries.

If you are still concerned about the security of the hot deployer,  
you should turn it off.

thanks
david jencks

On Nov 23, 2006, at 10:27 PM, Rakesh Midha wrote:

> Hello
>
> I was wondering if this is a security breach.
>
> If I deploy some business critical application names myApp on  
> Geronimo server deployed using deploy tool or hot deployer. Now  
> with deploy tool I cannot change or uninstall this application  
> without Geronimo username and password.
>
> If for some reason my machine is unsecured and I am dependent on  
> Geronimo security, one can easily manuplate or uninstall my  
> application by just placing a junk application named myApp in my  
> hot deployer. isn't it a security breach.
>
> I think I should be allowed to
> 1. Configure security settings for Hot deployer
> 2. Start and stop hot deployment (which can be done by stopping  
> hotdeploy module)
> 3. One way could be, All the hot deployer operations prompt for  
> username and password on server console.
>
> What is your view on this? Am I missing something?
>
> Thanks
> Rakesh
>
>


Mime
View raw message