On Fri, 2003-10-31 at 15:09, Brian McSweeney wrote:
> Thanks for all your help Adrian,
> 
> Checked out Scott's mail. Sounds exactly what I'll need. I'll muddle
> through it myself till then :-)
> 
> One thing about securing the web-console - the forum says you have to
> protect the applet aswell. I understand the basics of web app security
> using jaas - have used it to secure the jmx console. However, I'm unsure
> how to do this for the applet. Any idea how?
> 

Sorry, I'm not much of web programmer.
Maybe Sacha or Juha knows what "securing the applet" means?

Regards,
Adrian

> Thanks very much,
> 
> Brian
> 
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Adrian
> Brock
> Sent: 31 October 2003 14:04
> To: [EMAIL PROTECTED]
> Subject: RE: [JBoss-user] Securing JBoss
> 
> On Fri, 2003-10-31 at 13:48, Brian McSweeney wrote:
> > Hi Adrian,
> > 
> > I saw that file before, but it isn't used in the default deploy of
> jboss
> > right?
> > 
> > I've spent a good few hours reading the JBoss admin docs, and the
> forums
> > and 
> > Unfortunately there doesn't seem to be a decent single "how to
> > manage/secure a default jboss server"
> > 
> 
> Correct. There was some talk about delivering a "secure" configuration
> of jboss like all or minimal.
> It would be completely unusable until you explicity configured the
> security.
> It hasn't been done yet.
> 
> > Is the binding manager a good place to manage all the ports for jboss,
> > and if so, why isn't this service used by a default jboss?
> > 
> 
> The binding manager was written to allow two jboss instances
> to run on the same machine. 
> It isn't enabled by default, because JBoss uses a component view of
> services rather than a server view (which is what the binding manager
> is).
> i.e. you can configure each component in one place without some
> magic overriding your configuration.
> 
> > Also, searching on the forums led me to find things like:
> > 
> > http://www.jboss.org/thread.jsp?forum=63&thread=37875
> > 
> > which says the web-console must be secured, but doesn't say how to do
> > this.
> 
> This is just standard web app security, see the jaas howto
> 
> > 
> > I think jboss is brilliant, and advancing so fast, but for a new user
> > setting up a default server, this information is crucial. We've paid
> for
> > the admin docs, but still can't seem to find what and how needs to be
> > secured.
> > 
> 
> Scott has started this documentation. See this post to jboss-dev.
> It is probably too much of a 10,000 ft view and too limited
> in scope for your current needs.
> http://www.mail-archive.com/jboss-development%40lists.sourceforge.net/ms
> g38012.html
> 
> Regards,
> Adrian
> 
> > Thanks for all your help,
> > Brian
> > 
> > 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Adrian
> > Brock
> > Sent: 31 October 2003 13:14
> > To: [EMAIL PROTECTED]
> > Subject: Re: [JBoss-user] Securing JBoss
> > 
> > You can find the list of port bindings in
> > docs/examples/binding-manager/sample-bindings.xml
> > 
> > Look at the "default" section
> > 
> > I hope you can read xsl :-)
> > 
> > Regards,
> > Adrian
> > 
> > On Fri, 2003-10-31 at 12:11, Brian McSweeney wrote:
> > > Hi all,
> > > 
> > > Following on Sebastian Hauer's email advice I used the following
> > program
> > > to find out what ports JBoss uses.
> > > 
> > > http://www.tucows.com/preview/213738.html
> > > 
> > > I think the following information might help others too when they
> are
> > > deploying jboss. My application is probably quite like what others
> are
> > > doing. It's very standard in architecture.
> > > 
> > > Struts --- > Stateless Session Beans --- > CMP EJBs / and MDBs
> > > 
> > > Basically, a simple web application. 
> > > 
> > > A port scan reveals the following ports are being used by the
> default
> > > folder when my ear is deployed on JBoss 3.2.2. 
> > > 
> > > If people are able to tell me what the few unknown ports are it
> would
> > be
> > > helpful too.
> > > 
> > > All comments are much appreciated! Hopefully this can help others as
> > to
> > > what the average user should shut down to secure and optimize a
> > default
> > > jboss 3.2.2.
> > > 
> > > List of open ports with a JBoss 3.2.2 running port scan
> > > 
> > > I found that there are 14 open ports on my default deploy of JBoss
> > 3.2.2
> > >
> >
> ========================================================================
> > > =
> > > 
> > > 
> > > Port Number Open: 3246
> > > Associated Function:      unknown
> > > What it does:             unknown
> > > How to disable:           unknown
> > > 
> > > 
> > > Port Number Open: 1162
> > > Associated Function:      SNMP manager
> > > What it does:             Simple Network Management Protocol -
> sends error
> > > messages via snmp protocol
> > > How to disable:           remove snmp-adaptor.sar from deploy
> > > folder?
> > > Should I disable          probably
> > > 
> > > 
> > > Port Number Open: 3251
> > > Associated Function:      unknown
> > > What it does:             unknown
> > > How to disable:           unknown
> > > Should I disable          unknown
> > > 
> > > Port Number Open: 8093
> > > Associated Function:      Unified Invocation Layer
> > > What it does:             not sure, but the JBossMQ might use it
> > > How to disable:           remove the /deploy/jms/uil2-service.xml
> > > file?
> > > Should I disable          unknown
> > > 
> > > 
> > > Port Number Open: 3248
> > > Associated Function:      unknown
> > > What it does:             unknown
> > > How to disable:           unknown 
> > > Should I disable          unknown
> > > 
> > > 
> > > Port Number Open: 8092
> > > Associated Function:      OIL2 service - Optimizated Invocation
> Layer
> > > What it does:             not sure, but the JBossMQ might use it
> > > How to disable:           remove the /deploy/jms/oil2-service.xml
> > > file? 
> > > Should I disable          unknown
> > > 
> > > 
> > > Port Number Open: 8090
> > > Associated Function:      OIL service - Optimizated Invocation
> Layer
> > > What it does:             not sure, but the JBossMQ might use it
> > > How to disable:           remove the /deploy/jms/oil-service.xml
> > > file?
> > > Should I disable          unknown 
> > > Should I disable          unknown
> > > 
> > > 
> > > Port Number Open: 8009
> > > Associated Function:      A AJP 1.3 Connector
> > > What it does:             allows tomcat to connect to front end
> apache
> > > How to disable:           comment out the AJP section in the
> > > /deploy/jbossweb-tomcat41.sar/META-INF/jboss-service.xml file? 
> > > Should I disable          probably
> > > 
> > > 
> > > Port Number Open: 4445
> > > Associated Function:      PooledInvoker
> > > What it does:             database pool, or perhaps bean pool
> manager?
> > > How to disable:           comment out in the
> > > /conf/jboss-service.xml file 
> > > Should I disable          probably not
> > > 
> > > 
> > > Port Number Open: 4444
> > > Associated Function:      RMI/JRMP invoker
> > > What it does:             rmi manager?
> > > How to disable:           comment out in the
> > > /conf/jboss-service.xml file 
> > > Should I disable          probably not
> > > 
> > > Port Number Open: 1099
> > > Associated Function:      naming service
> > > What it does:             JNDI - directory location for all
> > > services/beans/etc
> > > How to disable:           comment out in the
> > > /conf/jboss-service.xml file 
> > > Should I disable          no
> > > 
> > > Port Number Open: 1098
> > > Associated Function:      rmi port
> > > What it does:             Remote method invocation port
> > > How to disable:           comment out in the
> > > /conf/jboss-service.xml file 
> > > Should I disable          no
> > > 
> > > Port Number Open: 8083
> > > Associated Function:      web services
> > > What it does:             web services invocation port???
> > > How to disable:           comment out in the
> > > /conf/jboss-service.xml file 
> > > Should I disable          probably
> > > 
> > > 
> > > 
> > > 
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: SF.net Giveback Program.
> > > Does SourceForge.net help you be more productive?  Does it
> > > help you create better code?   SHARE THE LOVE, and help us help
> > > YOU!  Click Here: http://sourceforge.net/donate/
> > > _______________________________________________
> > > JBoss-user mailing list
> > > [EMAIL PROTECTED]
> > > https://lists.sourceforge.net/lists/listinfo/jboss-user
-- 
xxxxxxxxxxxxxxxxxxxxxxxx 
Adrian Brock
Director of Support
Back Office
JBoss Group, LLC 
xxxxxxxxxxxxxxxxxxxxxxxx 



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to