In fact, we don't need to secure the applet (that is not necessary as nothing is really critical in the applet and the way applet are integrated in browsers generates two auth step: one for the page and one for the applet, so we should move the applet in another folder and make it "non-private"
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Adrian Brock > Sent: vendredi, 31. octobre 2003 16:27 > To: [EMAIL PROTECTED] > Subject: RE: [JBoss-user] Securing JBoss > > On Fri, 2003-10-31 at 15:09, Brian McSweeney wrote: > > Thanks for all your help Adrian, > > > > Checked out Scott's mail. Sounds exactly what I'll need. I'll muddle > > through it myself till then :-) > > > > One thing about securing the web-console - the forum says > you have to > > protect the applet aswell. I understand the basics of web > app security > > using jaas - have used it to secure the jmx console. > However, I'm unsure > > how to do this for the applet. Any idea how? > > > > Sorry, I'm not much of web programmer. > Maybe Sacha or Juha knows what "securing the applet" means? > > Regards, > Adrian > > > Thanks very much, > > > > Brian > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Adrian > > Brock > > Sent: 31 October 2003 14:04 > > To: [EMAIL PROTECTED] > > Subject: RE: [JBoss-user] Securing JBoss > > > > On Fri, 2003-10-31 at 13:48, Brian McSweeney wrote: > > > Hi Adrian, > > > > > > I saw that file before, but it isn't used in the default deploy of > > jboss > > > right? > > > > > > I've spent a good few hours reading the JBoss admin docs, and the > > forums > > > and > > > Unfortunately there doesn't seem to be a decent single "how to > > > manage/secure a default jboss server" > > > > > > > Correct. There was some talk about delivering a "secure" > configuration > > of jboss like all or minimal. > > It would be completely unusable until you explicity configured the > > security. > > It hasn't been done yet. > > > > > Is the binding manager a good place to manage all the > ports for jboss, > > > and if so, why isn't this service used by a default jboss? > > > > > > > The binding manager was written to allow two jboss instances > > to run on the same machine. > > It isn't enabled by default, because JBoss uses a component view of > > services rather than a server view (which is what the > binding manager > > is). > > i.e. you can configure each component in one place without some > > magic overriding your configuration. > > > > > Also, searching on the forums led me to find things like: > > > > > > http://www.jboss.org/thread.jsp?forum=63&thread=37875 > > > > > > which says the web-console must be secured, but doesn't > say how to do > > > this. > > > > This is just standard web app security, see the jaas howto > > > > > > > > I think jboss is brilliant, and advancing so fast, but > for a new user > > > setting up a default server, this information is crucial. > We've paid > > for > > > the admin docs, but still can't seem to find what and how > needs to be > > > secured. > > > > > > > Scott has started this documentation. See this post to jboss-dev. > > It is probably too much of a 10,000 ft view and too limited > > in scope for your current needs. > > > http://www.mail-archive.com/jboss-development%40lists.sourcefo > rge.net/ms > > g38012.html > > > > Regards, > > Adrian > > > > > Thanks for all your help, > > > Brian > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf > Of Adrian > > > Brock > > > Sent: 31 October 2003 13:14 > > > To: [EMAIL PROTECTED] > > > Subject: Re: [JBoss-user] Securing JBoss > > > > > > You can find the list of port bindings in > > > docs/examples/binding-manager/sample-bindings.xml > > > > > > Look at the "default" section > > > > > > I hope you can read xsl :-) > > > > > > Regards, > > > Adrian > > > > > > On Fri, 2003-10-31 at 12:11, Brian McSweeney wrote: > > > > Hi all, > > > > > > > > Following on Sebastian Hauer's email advice I used the following > > > program > > > > to find out what ports JBoss uses. > > > > > > > > http://www.tucows.com/preview/213738.html > > > > > > > > I think the following information might help others too > when they > > are > > > > deploying jboss. My application is probably quite like > what others > > are > > > > doing. It's very standard in architecture. > > > > > > > > Struts --- > Stateless Session Beans --- > CMP EJBs / and MDBs > > > > > > > > Basically, a simple web application. > > > > > > > > A port scan reveals the following ports are being used by the > > default > > > > folder when my ear is deployed on JBoss 3.2.2. > > > > > > > > If people are able to tell me what the few unknown ports are it > > would > > > be > > > > helpful too. > > > > > > > > All comments are much appreciated! Hopefully this can > help others as > > > to > > > > what the average user should shut down to secure and optimize a > > > default > > > > jboss 3.2.2. > > > > > > > > List of open ports with a JBoss 3.2.2 running port scan > > > > > > > > I found that there are 14 open ports on my default > deploy of JBoss > > > 3.2.2 > > > > > > > > > > ============================================================== > ========== > > > > = > > > > > > > > > > > > Port Number Open: 3246 > > > > Associated Function: unknown > > > > What it does: unknown > > > > How to disable: unknown > > > > > > > > > > > > Port Number Open: 1162 > > > > Associated Function: SNMP manager > > > > What it does: Simple Network Management Protocol - > > sends error > > > > messages via snmp protocol > > > > How to disable: remove snmp-adaptor.sar > from deploy > > > > folder? > > > > Should I disable probably > > > > > > > > > > > > Port Number Open: 3251 > > > > Associated Function: unknown > > > > What it does: unknown > > > > How to disable: unknown > > > > Should I disable unknown > > > > > > > > Port Number Open: 8093 > > > > Associated Function: Unified Invocation Layer > > > > What it does: not sure, but the JBossMQ might use it > > > > How to disable: remove the > /deploy/jms/uil2-service.xml > > > > file? > > > > Should I disable unknown > > > > > > > > > > > > Port Number Open: 3248 > > > > Associated Function: unknown > > > > What it does: unknown > > > > How to disable: unknown > > > > Should I disable unknown > > > > > > > > > > > > Port Number Open: 8092 > > > > Associated Function: OIL2 service - Optimizated Invocation > > Layer > > > > What it does: not sure, but the JBossMQ might use it > > > > How to disable: remove the > /deploy/jms/oil2-service.xml > > > > file? > > > > Should I disable unknown > > > > > > > > > > > > Port Number Open: 8090 > > > > Associated Function: OIL service - Optimizated Invocation > > Layer > > > > What it does: not sure, but the JBossMQ might use it > > > > How to disable: remove the > /deploy/jms/oil-service.xml > > > > file? > > > > Should I disable unknown > > > > Should I disable unknown > > > > > > > > > > > > Port Number Open: 8009 > > > > Associated Function: A AJP 1.3 Connector > > > > What it does: allows tomcat to connect to front end > > apache > > > > How to disable: comment out the AJP > section in the > > > > /deploy/jbossweb-tomcat41.sar/META-INF/jboss-service.xml file? > > > > Should I disable probably > > > > > > > > > > > > Port Number Open: 4445 > > > > Associated Function: PooledInvoker > > > > What it does: database pool, or perhaps bean pool > > manager? > > > > How to disable: comment out in the > > > > /conf/jboss-service.xml file > > > > Should I disable probably not > > > > > > > > > > > > Port Number Open: 4444 > > > > Associated Function: RMI/JRMP invoker > > > > What it does: rmi manager? > > > > How to disable: comment out in the > > > > /conf/jboss-service.xml file > > > > Should I disable probably not > > > > > > > > Port Number Open: 1099 > > > > Associated Function: naming service > > > > What it does: JNDI - directory location for all > > > > services/beans/etc > > > > How to disable: comment out in the > > > > /conf/jboss-service.xml file > > > > Should I disable no > > > > > > > > Port Number Open: 1098 > > > > Associated Function: rmi port > > > > What it does: Remote method invocation port > > > > How to disable: comment out in the > > > > /conf/jboss-service.xml file > > > > Should I disable no > > > > > > > > Port Number Open: 8083 > > > > Associated Function: web services > > > > What it does: web services invocation port??? > > > > How to disable: comment out in the > > > > /conf/jboss-service.xml file > > > > Should I disable probably > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > This SF.net email is sponsored by: SF.net Giveback Program. > > > > Does SourceForge.net help you be more productive? Does it > > > > help you create better code? SHARE THE LOVE, and help us help > > > > YOU! Click Here: http://sourceforge.net/donate/ > > > > _______________________________________________ > > > > JBoss-user mailing list > > > > [EMAIL PROTECTED] > > > > https://lists.sourceforge.net/lists/listinfo/jboss-user > -- > xxxxxxxxxxxxxxxxxxxxxxxx > Adrian Brock > Director of Support > Back Office > JBoss Group, LLC > xxxxxxxxxxxxxxxxxxxxxxxx > > > > ------------------------------------------------------- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > _______________________________________________ > JBoss-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-user > > > ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
