geronimo-user mailing list archives

From "Aaron Mulder" <ammul...@alumni.princeton.edu>
Subject Re: securing admin access
Date Mon, 28 Aug 2006 19:10:03 GMT
On 8/28/06, raxpl <raxpl@anglesey.gov.uk> wrote:
>
> Thanks for getting back...
> Not sure about the "it should be as secure as any other web application" -
> you might be right, but
> just exposing a console appears to me risky... any cracker can reach it to
> try and crack the password using standard techniques because they can get to
> the console up if they know anything about Geronimo...

True, but you can enable the lockout after a certain number of login
attempts if you are worried about a brute-force attack.

> I wouldn't be quite so
> paranoid if the JRun docs hadn't identified their console as a security risk!
> And it's very similar. I live in fear... but Geronimo is a great
> achievement (I switched from Zope3... and that's a cracking bit of kit but
> lacks fundamental facilities like standardised messaging).
> As for "It is also possible to configure Geronimo so different applications
> are attached to different ports (though it's not terribly straightforward)"
> - yes, this is what I was trying to achieve but didn't get anywhere... can
> you give a few pointers? I'll write a tech note on it for other people -
> deal?

David Jencks worked this out.  I believe the procedure is to configure
a second web container, set the ports on each web container to be
different, and then use an element in the web app deployment plan to
indicate which web apps go to which container (and therefore which
apps are exposed on which ports).  I don't have more details at the
moment, but David might, or I think the issue has come up on the mailing
list before.

Thanks,
     Aaron
