Hi Diwan, On Sat, Sep 14, 2013 at 7:47 AM, Nirmal Fernando <[email protected]> wrote:
> Hi Diwan, > > Please see the answers for some of the questions. > > > On Sat, Sep 14, 2013 at 6:28 AM, Abhijit Diwan <[email protected]> wrote: > >> Any Help on this. It is big company and if they do not find it secure we >> have to drop the implementation. >> >> Please help. >> thanks >> Abhijit >> On Sep 12, 2013, at 3:39 PM, Abhijit Diwan wrote: >> >> > Hi All >> > >> > We are in final few steps of WSO2 ESB / Data services >> implementation at very big company. They love your Data Services, I mean it >> , love it !! >> > >> > We are trying to pass the Information Security review of our WSO2 >> ESB implementation. We are using 4.0.3 EAB with 3.2.2 DSS feature. >> > >> > Information security group has objected for following things in >> default WSO2 ESB >> > >> > 1. QPID / AMQP server listening to 5672 / 8672 ports. Can >> we disable the default message broker so that QPID will not start. If we >> disable, will it affect any other functionality? We are >> NOT using message brokers / any JMS related applications, mainly Data >> Services. >> > You can disable QPID server listening on 8672 TLS port with the following configuration change. Go to <ESB_HOME>/repository/conf/advanced/qpid-config.xml file and change the <ssl> entry as below. <broker> <connector> <!-- To enable SSL edit the keystorePath and keystorePassword and set enabled to true. To disasble Non-SSL port set sslOnly to true --> <ssl> *<enabled>false</enabled>* <sslOnly>false</sslOnly> <keystorePath>repository/resources/security/wso2carbon.jks</keystorePath> <keystorePassword>wso2carbon</keystorePassword> </ssl> After that QPID Broker will not be starting on TLS port. However regarding disabling the Qpid Server in 5672 TCP port, ESB 4.0.3 version comes with an embedded QPID broker which is tightly coupled with other ESB components. Therefore unfortunately it is not possible to detach the broker from the ESB with a configuration setting. We have changed this after ESB 4.5.x versions where the embedded Qpid broker is no longer shipped with ESB, therefore if it is possible, you can upgrade the ESB version in order to meet this requirement. Thanks, Ishara > > >> > 2. How to block JMX console being started? The JMX >> console starts at 11111 / 9999 be default. >> > > In {CARBON-HOME}/repository/conf/advanced/jmx.xml file, you can disable > jmx console. > > <StartRMIServer>false</StartRMIServer> > >> > >> > 3. We have already disabled Admin UI, however is there >> any way where I can turn the logging levels for individual loggers with out >> Admin UI and WITHOUT re- starting the ESB? >> > > I'm afraid not (AFAIK). The only other way is by editing > {CARBON-HOME}/repository/conf/log4j.properties file, which needs a restart > of the server. > > > >> > I would be extremely thankful if I can answers for above >> questions. >> > >> > Please help WSO2 implementation in very prestigious company. >> > >> > WSO2 rocks !!! >> > >> > thanks >> > Abhijit >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> > > > > -- > > Thanks & regards, > Nirmal > > Senior Software Engineer- Platform Technologies Team, WSO2 Inc. > Mobile: +94715779733 > Blog: http://nirmalfdo.blogspot.com/ > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Ishara Premasada Software Engineer, WSO2 Inc. http://wso2.com/ *Blog : http://isharapremadasa.blogspot.com/ Twitter : https://twitter.com/ishadil Mobile : +94 714445832*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
