If your machine is unsecured, then people deploying rogue apps in
geronimo should probably be the least of your worries.
If you are still concerned about the security of the hot deployer,
you should turn it off.
thanks
david jencks
On Nov 23, 2006, at 10:27 PM, Rakesh Midha wrote:
Hello
I was wondering if this is a security breach.
If I deploy some business critical application names myApp on
Geronimo server deployed using deploy tool or hot deployer. Now
with deploy tool I cannot change or uninstall this application
without Geronimo username and password.
If for some reason my machine is unsecured and I am dependent on
Geronimo security, one can easily manuplate or uninstall my
application by just placing a junk application named myApp in my
hot deployer. isn't it a security breach.
I think I should be allowed to
1. Configure security settings for Hot deployer
2. Start and stop hot deployment (which can be done by stopping
hotdeploy module)
3. One way could be, All the hot deployer operations prompt for
username and password on server console.
What is your view on this? Am I missing something?
Thanks
Rakesh
