On Fri, 2003-10-31 at 15:09, Brian McSweeney wrote: > Thanks for all your help Adrian, > > Checked out Scott's mail. Sounds exactly what I'll need. I'll muddle > through it myself till then :-) > > One thing about securing the web-console - the forum says you have to > protect the applet aswell. I understand the basics of web app security > using jaas - have used it to secure the jmx console. However, I'm unsure > how to do this for the applet. Any idea how? >
Sorry, I'm not much of web programmer. Maybe Sacha or Juha knows what "securing the applet" means? Regards, Adrian > Thanks very much, > > Brian > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Adrian > Brock > Sent: 31 October 2003 14:04 > To: [EMAIL PROTECTED] > Subject: RE: [JBoss-user] Securing JBoss > > On Fri, 2003-10-31 at 13:48, Brian McSweeney wrote: > > Hi Adrian, > > > > I saw that file before, but it isn't used in the default deploy of > jboss > > right? > > > > I've spent a good few hours reading the JBoss admin docs, and the > forums > > and > > Unfortunately there doesn't seem to be a decent single "how to > > manage/secure a default jboss server" > > > > Correct. There was some talk about delivering a "secure" configuration > of jboss like all or minimal. > It would be completely unusable until you explicity configured the > security. > It hasn't been done yet. > > > Is the binding manager a good place to manage all the ports for jboss, > > and if so, why isn't this service used by a default jboss? > > > > The binding manager was written to allow two jboss instances > to run on the same machine. > It isn't enabled by default, because JBoss uses a component view of > services rather than a server view (which is what the binding manager > is). > i.e. you can configure each component in one place without some > magic overriding your configuration. > > > Also, searching on the forums led me to find things like: > > > > http://www.jboss.org/thread.jsp?forum=63&thread=37875 > > > > which says the web-console must be secured, but doesn't say how to do > > this. > > This is just standard web app security, see the jaas howto > > > > > I think jboss is brilliant, and advancing so fast, but for a new user > > setting up a default server, this information is crucial. We've paid > for > > the admin docs, but still can't seem to find what and how needs to be > > secured. > > > > Scott has started this documentation. See this post to jboss-dev. > It is probably too much of a 10,000 ft view and too limited > in scope for your current needs. > http://www.mail-archive.com/jboss-development%40lists.sourceforge.net/ms > g38012.html > > Regards, > Adrian > > > Thanks for all your help, > > Brian > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Adrian > > Brock > > Sent: 31 October 2003 13:14 > > To: [EMAIL PROTECTED] > > Subject: Re: [JBoss-user] Securing JBoss > > > > You can find the list of port bindings in > > docs/examples/binding-manager/sample-bindings.xml > > > > Look at the "default" section > > > > I hope you can read xsl :-) > > > > Regards, > > Adrian > > > > On Fri, 2003-10-31 at 12:11, Brian McSweeney wrote: > > > Hi all, > > > > > > Following on Sebastian Hauer's email advice I used the following > > program > > > to find out what ports JBoss uses. > > > > > > http://www.tucows.com/preview/213738.html > > > > > > I think the following information might help others too when they > are > > > deploying jboss. My application is probably quite like what others > are > > > doing. It's very standard in architecture. > > > > > > Struts --- > Stateless Session Beans --- > CMP EJBs / and MDBs > > > > > > Basically, a simple web application. > > > > > > A port scan reveals the following ports are being used by the > default > > > folder when my ear is deployed on JBoss 3.2.2. > > > > > > If people are able to tell me what the few unknown ports are it > would > > be > > > helpful too. > > > > > > All comments are much appreciated! Hopefully this can help others as > > to > > > what the average user should shut down to secure and optimize a > > default > > > jboss 3.2.2. > > > > > > List of open ports with a JBoss 3.2.2 running port scan > > > > > > I found that there are 14 open ports on my default deploy of JBoss > > 3.2.2 > > > > > > ======================================================================== > > > = > > > > > > > > > Port Number Open: 3246 > > > Associated Function: unknown > > > What it does: unknown > > > How to disable: unknown > > > > > > > > > Port Number Open: 1162 > > > Associated Function: SNMP manager > > > What it does: Simple Network Management Protocol - > sends error > > > messages via snmp protocol > > > How to disable: remove snmp-adaptor.sar from deploy > > > folder? > > > Should I disable probably > > > > > > > > > Port Number Open: 3251 > > > Associated Function: unknown > > > What it does: unknown > > > How to disable: unknown > > > Should I disable unknown > > > > > > Port Number Open: 8093 > > > Associated Function: Unified Invocation Layer > > > What it does: not sure, but the JBossMQ might use it > > > How to disable: remove the /deploy/jms/uil2-service.xml > > > file? > > > Should I disable unknown > > > > > > > > > Port Number Open: 3248 > > > Associated Function: unknown > > > What it does: unknown > > > How to disable: unknown > > > Should I disable unknown > > > > > > > > > Port Number Open: 8092 > > > Associated Function: OIL2 service - Optimizated Invocation > Layer > > > What it does: not sure, but the JBossMQ might use it > > > How to disable: remove the /deploy/jms/oil2-service.xml > > > file? > > > Should I disable unknown > > > > > > > > > Port Number Open: 8090 > > > Associated Function: OIL service - Optimizated Invocation > Layer > > > What it does: not sure, but the JBossMQ might use it > > > How to disable: remove the /deploy/jms/oil-service.xml > > > file? > > > Should I disable unknown > > > Should I disable unknown > > > > > > > > > Port Number Open: 8009 > > > Associated Function: A AJP 1.3 Connector > > > What it does: allows tomcat to connect to front end > apache > > > How to disable: comment out the AJP section in the > > > /deploy/jbossweb-tomcat41.sar/META-INF/jboss-service.xml file? > > > Should I disable probably > > > > > > > > > Port Number Open: 4445 > > > Associated Function: PooledInvoker > > > What it does: database pool, or perhaps bean pool > manager? > > > How to disable: comment out in the > > > /conf/jboss-service.xml file > > > Should I disable probably not > > > > > > > > > Port Number Open: 4444 > > > Associated Function: RMI/JRMP invoker > > > What it does: rmi manager? > > > How to disable: comment out in the > > > /conf/jboss-service.xml file > > > Should I disable probably not > > > > > > Port Number Open: 1099 > > > Associated Function: naming service > > > What it does: JNDI - directory location for all > > > services/beans/etc > > > How to disable: comment out in the > > > /conf/jboss-service.xml file > > > Should I disable no > > > > > > Port Number Open: 1098 > > > Associated Function: rmi port > > > What it does: Remote method invocation port > > > How to disable: comment out in the > > > /conf/jboss-service.xml file > > > Should I disable no > > > > > > Port Number Open: 8083 > > > Associated Function: web services > > > What it does: web services invocation port??? > > > How to disable: comment out in the > > > /conf/jboss-service.xml file > > > Should I disable probably > > > > > > > > > > > > > > > ------------------------------------------------------- > > > This SF.net email is sponsored by: SF.net Giveback Program. > > > Does SourceForge.net help you be more productive? Does it > > > help you create better code? SHARE THE LOVE, and help us help > > > YOU! Click Here: http://sourceforge.net/donate/ > > > _______________________________________________ > > > JBoss-user mailing list > > > [EMAIL PROTECTED] > > > https://lists.sourceforge.net/lists/listinfo/jboss-user -- xxxxxxxxxxxxxxxxxxxxxxxx Adrian Brock Director of Support Back Office JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
