tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <>
Subject Re: [OT] clear text keystore password in server.xml
Date Sat, 04 Sep 2010 10:05:53 GMT
On 02.09.2010 18:55, Pid wrote:
> On 02/09/2010 17:31, Christopher Schultz wrote:
>> Pid,
>> On 9/2/2010 11:51 AM, Pid wrote:
>>> ..lots of info is available by JMX, once the server is up.  In Java 6
>>> you can attach to the process locally, without having to configure the
>>> JMX ports because it injects the management agent into the virtual machine.
>> I hadn't considered that, never having used JMX. Are you saying that
>> anyone with local access can snoop a JVM? What are the strategies
>> available to prohibit that? Can you disable local JMX altogether? How
>> about some kind of authentication?
> Pretty much.  I'm not sure how to disable it, I've only just got the
> hang of enabling it.
> Also:, but I can't find a javadoc
> for that.

I thought it uses a local file created by the JVM which only allows 
access, if you are the same user (or root). The marketing terminology 
for this Java 6 feature was "attach on demand".

See also

with some examples here:

and API Javadoc:



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message