Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 32389 invoked from network); 25 Nov 2006 17:29:39 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 25 Nov 2006 17:29:39 -0000 Received: (qmail 75267 invoked by uid 500); 25 Nov 2006 17:29:40 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 75231 invoked by uid 500); 25 Nov 2006 17:29:40 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 75220 invoked by uid 99); 25 Nov 2006 17:29:40 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Nov 2006 09:29:40 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of ammulder@gmail.com designates 64.233.182.185 as permitted sender) Received: from [64.233.182.185] (HELO nf-out-0910.google.com) (64.233.182.185) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Nov 2006 09:29:28 -0800 Received: by nf-out-0910.google.com with SMTP id x37so1524068nfc for ; Sat, 25 Nov 2006 09:29:06 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=ejROotqZuWOI+3TXwAe6Tqa9XX64uq0jBSupK6Y2rSKoCWDV+FLpqYJvk+p9/vuOyYCYrB7ccj3T1kd0t7aKkIZAzDukw6FYVCQIDlllYeb9CHiL3CiKrNnrm2FQshVrCEfp3C5ECNynoXMGN5pWYZsjovMQe6EVFsegPaNHWw4= Received: by 10.82.114.3 with SMTP id m3mr1738017buc.1164475746309; Sat, 25 Nov 2006 09:29:06 -0800 (PST) Received: by 10.82.118.19 with HTTP; Sat, 25 Nov 2006 09:29:05 -0800 (PST) Message-ID: <74e15baa0611250929q7c3fd3bfme493e0fabb85139f@mail.gmail.com> Date: Sat, 25 Nov 2006 12:29:05 -0500 From: "Aaron Mulder" Sender: ammulder@gmail.com To: dev@geronimo.apache.org Subject: Re: Security Issue with hot deployer In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <1f52a95c0611232227q2408cd3bl28dc44ee9d75c8f@mail.gmail.com> X-Google-Sender-Auth: 921cfc29d560df4e X-Virus-Checked: Checked by ClamAV on apache.org On 11/25/06, David Jencks wrote: > If your machine is unsecured, then people deploying rogue apps in > geronimo should probably be the least of your worries. > > If you are still concerned about the security of the hot deployer, > you should turn it off. Except that if the machine is really unsecured, there's little you can do. You can turn the hot deployer service off but if someone timed it right they could edit config.xml and cause the hot deployer to start next time Geronimo was started. Or edit the accounts in the administrative security realm and then just use the deploy tool. You could delete things from the repository but they could put them back there. Bottom line, if you're concerned about security, I think your app server file permissions should be locked down, regardless of which product you're using. Thanks, Aaron > On Nov 23, 2006, at 10:27 PM, Rakesh Midha wrote: > > > Hello > > > > I was wondering if this is a security breach. > > > > If I deploy some business critical application names myApp on > > Geronimo server deployed using deploy tool or hot deployer. Now > > with deploy tool I cannot change or uninstall this application > > without Geronimo username and password. > > > > If for some reason my machine is unsecured and I am dependent on > > Geronimo security, one can easily manuplate or uninstall my > > application by just placing a junk application named myApp in my > > hot deployer. isn't it a security breach. > > > > I think I should be allowed to > > 1. Configure security settings for Hot deployer > > 2. Start and stop hot deployment (which can be done by stopping > > hotdeploy module) > > 3. One way could be, All the hot deployer operations prompt for > > username and password on server console. > > > > What is your view on this? Am I missing something? > > > > Thanks > > Rakesh > > > > > >