tomcat-users mailing list archives

From "Howard W. Smith, Jr." <smithh032...@gmail.com>
Subject Re: JAVA_OPTS catalina.bat vs tomcat7w.exe
Date Mon, 25 Feb 2013 20:08:17 GMT
On Mon, Feb 25, 2013 at 2:42 PM, Caldarale, Charles R <
Chuck.Caldarale@unisys.com> wrote:

> > From: Leo Donahue - RDSA IT [mailto:LeoDonahue@mail.maricopa.gov]
> > Subject: RE: JAVA_OPTS catalina.bat vs tomcat7w.exe
>
> > -Dcom.sun.management.jmxremote=true
> > -Dcom.sun.management.jmxremote.port=9090
> > -Dcom.sun.management.jmxremote.ssl=false
> > -Dcom.sun.management.jmxremote.authenticate=false
>
> Since you have JMX enabled without authentication, the server is open to
> abuse from pretty much anyone who can reach it.
>
>
Chuck, I have similar settings, and so far, so good (no abuse/attack), and
I recently re-added JMX settings in tomcat7w.exe for my app...just to
routinely check performance and/or memory used by the app while running on
the production server.

Can you please clarify 'the server is open to abuse from pretty much anyone
who can reach it'? Can you refer me to a blog or an article that discusses
app abuse via JMX? I have a hardware firewall in place, and the JMX port is
not open/available at the hardware firewall level. I usually log in remotely
to the production server and open Java VisualVM to check the status of the app
(via JMX).


>  - Chuck
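Added example, not part of the original message or of Tomcat: a small Python check that reads a JVM option string, such as the one quoted in this thread, and reports which remote JMX settings leave the connector unauthenticated, unencrypted, or on a port that cannot be pinned in a firewall rule. The function names, finding ids and the `STRICT_OPTS` values are assumptions made for illustration; `com.sun.management.jmxremote.rmi.port` is only honoured by JVMs that support that property.

```python
import re

PREFIX = "com.sun.management.jmxremote"

def parse_jmx_options(java_opts):
    """Map each -Dcom.sun.management.jmxremote[.name][=value] token to {name: value}."""
    props = {}
    # catalina.bat separates options with spaces, the tomcat7w.exe Java tab with newlines.
    for token in re.split(r"[\s;]+", java_opts.strip()):
        token = token.strip('"')
        if not token.startswith("-D"):
            continue
        key, _, value = token[2:].partition("=")
        if key == PREFIX or key.startswith(PREFIX + "."):
            props[key[len(PREFIX):].lstrip(".")] = value.strip('"')
    return props  # a repeated option keeps its last value, as in the JVM

def audit_jmx(java_opts):
    """Return (finding_id, explanation) pairs for a remote JMX connector's settings."""
    props = parse_jmx_options(java_opts)
    if "port" not in props:
        return []  # no remote connector port requested
    port, findings = props["port"], []
    # Both properties default to true when absent, so only an explicit false is flagged.
    if props.get("authenticate", "true").lower() == "false":
        findings.append(("no-auth", "port %s accepts JMX clients without credentials" % port))
    if props.get("ssl", "true").lower() == "false":
        findings.append(("no-ssl", "JMX traffic on port %s is not encrypted" % port))
    if "rmi.port" not in props:
        findings.append(("rmi-port-unset", "RMI server port is chosen at random at startup, "
                         "so it cannot be named in a fixed firewall rule"))
    return findings

# The four options quoted in the thread.
THREAD_OPTS = """
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=9090
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
"""

# Constructed example of a stricter option set (port values are illustrative).
STRICT_OPTS = ("-Dcom.sun.management.jmxremote.port=9090 -Dcom.sun.management.jmxremote.rmi.port=9091 "
               "-Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.authenticate=true")

if __name__ == "__main__":
    for finding_id, why in audit_jmx(THREAD_OPTS):
        print(finding_id, "-", why)
```

The parser splits on whitespace and semicolons, so an option value containing spaces (for example a quoted file path) would need a fuller tokenizer.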
