geronimo-user mailing list archives

From "Aaron Mulder" <ammul...@alumni.princeton.edu>
Subject Re: securing admin access
Date Mon, 28 Aug 2006 17:13:28 GMT
On 8/28/06, raxpl <raxpl@anglesey.gov.uk> wrote:
> answer was in apache reverse proxy bit of the admin docs (yes it is a
> security risk if left open...)

It's not necessarily a security risk...  If you change the default
administrator account and access the console via HTTPS, it should be
as secure as any other web application.

It is also possible to configure Geronimo so different applications
are attached to different ports (though it's not terribly
straightforward).  That way, even without the Apache web server
involved, you can expose only user applications via a particular port.

> "In this example the console has been enabled just for demonstration
> purposes. In a production environment you will not want to have the console
> accessible from the other network (normally the Internet). Having the
> console accessible represents a big security exposure."

Again, I'd say the risk is only if you leave the default
system/manager account enabled, and possibly if you access the console
via HTTP, depending on your tolerance for plain text logins.

Thanks,
     Aaron

> raxpl wrote:
> >
> > hi list
> > jrun docs used to recommend that web admin. access was masked off (by
> > using iptables/firewall to block incoming packets on that port unless from
> > a known ip or range of ip's (great unless you're on dynamic ip's)) but the
> > jrun admin. was on a different port from anything else so didn't interfere
> > with content...is this simple to achieve on geronimo ? (an xml file somewhere
> > ?) or just a waste of effort ?
> > rich
> >
>

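The firewall approach raxpl describes (admit the admin port only from a known address range), as an added example that is not part of the thread or of Geronimo itself. The console port 8443 and the trusted range 192.0.2.0/24 are assumptions for the demo; DRY_RUN=1 prints the iptables commands instead of running them.

```shell
#!/bin/sh
# Added example: restrict the Geronimo admin console port to a trusted source
# range with iptables, the technique raxpl describes for JRun. Not from the
# thread. Port 8443 and 192.0.2.0/24 below are assumptions for this demo.
# DRY_RUN=1 prints the iptables commands instead of executing them (needs root).

# Return 0 if $1 is an IPv4 address or CIDR (a.b.c.d or a.b.c.d/nn), else 1.
# Rejects anything else so a stray shell character never reaches iptables.
valid_net() {
    case "$1" in
        ""|*[!0-9./]*|/*|*/|*/*/*) return 1 ;;
    esac
    ip=${1%%/*}
    n=0
    oldifs=$IFS
    IFS=.
    for octet in $ip; do
        n=$((n + 1))
        if [ -z "$octet" ] || [ "$octet" -gt 255 ]; then IFS=$oldifs; return 1; fi
    done
    IFS=$oldifs
    [ "$n" -eq 4 ] || return 1
    case "$1" in
        */*) [ "${1##*/}" -le 32 ] ;;
    esac
}

# Admit TCP traffic to $1 (the console port) only from $2 (trusted CIDR).
# Both rules are inserted at the top of INPUT so an existing broad ACCEPT
# further down cannot shadow them; DROP goes in first so ACCEPT ends up above it.
restrict_console_port() {
    port=$1
    net=$2
    case "$port" in
        ""|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    valid_net "$net" || { echo "bad network: $net" >&2; return 1; }
    run=
    [ "${DRY_RUN:-0}" = 1 ] && run=echo
    $run iptables -I INPUT 1 -p tcp --dport "$port" -j DROP &&
    $run iptables -I INPUT 1 -p tcp --dport "$port" -s "$net" -j ACCEPT
}
```

Run as root without DRY_RUN to apply, e.g. `restrict_console_port 8443 192.0.2.0/24`; pair it with the other points in the thread (HTTPS, a non-default admin account), since a firewall rule alone does nothing about plain-text logins.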