tomcat-dev mailing list archives

From Pid <...@pidster.com>
Subject Re: MBeans and credentials
Date Sat, 02 Oct 2010 08:15:07 GMT
On 01/10/2010 19:32, Rainer Jung wrote:
> Should we remove the following attributes from the respective mbeans?
> 
> - "shutdown" from "Catalina:type=Server"

If you've got JMX access, there's various 'stop()' methods to call.
Maybe this one doesn't matter so much, as the socket's bound to a local
address anyway.

> - "keyPass" from "Catalina:type=ProtocolHandler,port=8080"
> - "password" from "User"
> - "connectionPassword" from "JDBCRealm"
> - "password" for a DataSource (?)
> 
> Or at least allow to drop them from a jmxproxy query (e.g.
> qry=*:*&filter=nopass).

I've seen a DB impl (C3P0 maybe) where the field is present, but the
data obscured with stars.  Not sure how that was achieved.

> Of course it is likely that people having access to JMX are already
> powerful enough to do harm. On the other hand at least exports via
> jmxproxy are not too unlikely to get passed outside for troubleshooting.
> 
> Is anyone aware of more of those?

The new pool impl, tomcat-jdbc.

> What about user names for the cases where they also exist?

Leaving those in might be a good idea.


p

> Regards,
> 
> Rainer
> 
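
One way to produce the kind of masked export discussed in this thread, as an added example (not Tomcat code and not written by either poster): a dump over the platform MBeanServer that replaces the values of attributes named like the ones listed above with stars. The `DemoRealm` bean, its sample values, the `Demo:type=Realm` name and the name pattern are assumptions made for illustration.

```java
import java.lang.management.ManagementFactory;
import java.util.regex.Pattern;
import javax.management.*;

public class MaskedJmxDump {
    // Constructed sample MBean standing in for a realm; not Tomcat code.
    public interface DemoRealmMBean {
        String getConnectionName();
        String getConnectionPassword();
    }
    public static class DemoRealm implements DemoRealmMBean {
        public String getConnectionName() { return "appuser"; }     // constructed value
        public String getConnectionPassword() { return "s3cret"; }  // constructed value
    }

    // Covers the names from the thread: shutdown, keyPass, password, connectionPassword.
    static final Pattern SENSITIVE = Pattern.compile("(?i).*pass.*|shutdown");

    // Keep the attribute visible but hide its value; fixed width so length is not leaked.
    static String render(String attrName, Object value) {
        if (value != null && SENSITIVE.matcher(attrName).matches()) {
            return "********";
        }
        return String.valueOf(value);
    }

    static String dump(MBeanServer mbs, ObjectName query) throws JMException {
        StringBuilder out = new StringBuilder();
        for (ObjectName name : mbs.queryNames(query, null)) {
            out.append("Name: ").append(name).append('\n');
            for (MBeanAttributeInfo attr : mbs.getMBeanInfo(name).getAttributes()) {
                if (!attr.isReadable()) continue;
                Object value;
                try {
                    value = mbs.getAttribute(name, attr.getName());
                } catch (Exception e) {
                    continue; // getter failed at runtime; skip this attribute
                }
                out.append(attr.getName()).append(": ")
                   .append(render(attr.getName(), value)).append('\n');
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        mbs.registerMBean(new DemoRealm(), new ObjectName("Demo:type=Realm"));
        System.out.print(dump(mbs, new ObjectName("Demo:*")));
    }
}
```

Masking at export time leaves the real value readable to any client that calls `getAttribute` directly, so it only addresses the case of dumps being passed on for troubleshooting.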

