tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: [OT] clear text keystore password in server.xml
Date Sat, 04 Sep 2010 10:05:53 GMT
On 02.09.2010 18:55, Pid wrote:
> On 02/09/2010 17:31, Christopher Schultz wrote:
>> Pid,
>>
>> On 9/2/2010 11:51 AM, Pid wrote:
>>> ..lots of info is available by JMX, once the server is up.  In Java 6
>>> you can attach to the process locally, without having to configure the
>>> JMX ports because it injects the management agent into the virtual machine.
>>
>> I hadn't considered that, never having used JMX. Are you saying that
>> anyone with local access can snoop a JVM? What are the strategies
>> available to prohibit that? Can you disable local JMX altogether? How
>> about some kind of authentication?
>
> Pretty much.  I'm not sure how to disable it, I've only just got the
> hang of enabling it.
>
> http://download.oracle.com/javase/6/docs/jdk/api/attach/spec/com/sun/tools/attach/VirtualMachine.html
>
> Also: sun.management.ConnectorAddressLink, but I can't find a javadoc
> for that.

I thought it uses a local file created by the JVM which only allows 
access, if you are the same user (or root). The marketing terminology 
for this Java 6 feature was "attach on demand".

See also

http://weblogs.java.net/blog/emcmanus/archive/2005/09/mustang_jdk_now.html

with some examples here:

http://blogs.sun.com/sundararajan/entry/using_mustang_s_attach_api

http://blogs.sun.com/sundararajan/entry/my_experiments_with_attach_on

and API Javadoc:

http://download-llnw.oracle.com/javase/6/docs/jdk/api/attach/spec/index.html

Regards,

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message