geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From raxpl <ra...@ANGLESEY.GOV.UK>
Subject Re: securing admin access
Date Mon, 28 Aug 2006 19:18:06 GMT

thanks, that's a start, i'll do some digging and see what can be done...

Aaron Mulder wrote:
> On 8/28/06, raxpl <> wrote:
>> thanks for getting back...
>> not sure about the "it should be as secure as any other web application"
>> -
>> you might be right, but
>> just exposing a console appears to me risky...any cracker can reach it to
>> try and crack the password using standard techniques because they can get
>> to
>> the console up if they know anything about geronimo...
> True, but you can enable the lockout after a certain number of login
> attempts if you are worried about a brute-force attack.
>> I wouldn't be quite so
>> paranoid if the jrun docs hadn't identified their console as a security
>> risk
>> ! and it's very similar. I live in fear...but geronimo is a great
>> achievement (i switched from zope3...and that's a cracking bit of kit but
>> lacks fundamental facilities like standardised messaging).
>> As for "It is also possible to configure Geronimo so different
>> applications
>> are attached to different ports (though it's not terribly
>> straightforward)"
>> - yes, this is what i was trying to achieve but didn't get anywhere...
>> can
>> you give a few pointers ? i'll write a tech note on it for other people -
>> deal ?
> David Jencks worked this out.  I believe the procedure is to configure
> a second web container, set the ports on each web container to be
> different, and then use an element in the web app deployment plan to
> indicate which web apps go to which container (and therefore which
> apps are exposed on which ports).  I don't have more details at the
> moment by David might or I think the issue has come up on the mailing
> list before.
> Thanks,
>      Aaron

View this message in context:
Sent from the Apache Geronimo - Users forum at

View raw message