Cool, thanks

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sacha
Labourey
Sent: 31 October 2003 15:46
To: [EMAIL PROTECTED]
Subject: RE: [JBoss-user] Securing JBoss

In fact, we don't need to secure the applet (that is not necessary as
nothing is really critical in the applet and the way applet are
integrated
in browsers generates two auth step: one for the page and one for the
applet, so we should move the applet in another folder and make it
"non-private" 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Adrian Brock
> Sent: vendredi, 31. octobre 2003 16:27
> To: [EMAIL PROTECTED]
> Subject: RE: [JBoss-user] Securing JBoss
> 
> On Fri, 2003-10-31 at 15:09, Brian McSweeney wrote:
> > Thanks for all your help Adrian,
> > 
> > Checked out Scott's mail. Sounds exactly what I'll need. I'll muddle
> > through it myself till then :-)
> > 
> > One thing about securing the web-console - the forum says 
> you have to
> > protect the applet aswell. I understand the basics of web 
> app security
> > using jaas - have used it to secure the jmx console. 
> However, I'm unsure
> > how to do this for the applet. Any idea how?
> > 
> 
> Sorry, I'm not much of web programmer.
> Maybe Sacha or Juha knows what "securing the applet" means?
> 
> Regards,
> Adrian
> 
> > Thanks very much,
> > 
> > Brian
> > 
> > 
> > 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Adrian
> > Brock
> > Sent: 31 October 2003 14:04
> > To: [EMAIL PROTECTED]
> > Subject: RE: [JBoss-user] Securing JBoss
> > 
> > On Fri, 2003-10-31 at 13:48, Brian McSweeney wrote:
> > > Hi Adrian,
> > > 
> > > I saw that file before, but it isn't used in the default deploy of
> > jboss
> > > right?
> > > 
> > > I've spent a good few hours reading the JBoss admin docs, and the
> > forums
> > > and 
> > > Unfortunately there doesn't seem to be a decent single "how to
> > > manage/secure a default jboss server"
> > > 
> > 
> > Correct. There was some talk about delivering a "secure" 
> configuration
> > of jboss like all or minimal.
> > It would be completely unusable until you explicity configured the
> > security.
> > It hasn't been done yet.
> > 
> > > Is the binding manager a good place to manage all the 
> ports for jboss,
> > > and if so, why isn't this service used by a default jboss?
> > > 
> > 
> > The binding manager was written to allow two jboss instances
> > to run on the same machine. 
> > It isn't enabled by default, because JBoss uses a component view of
> > services rather than a server view (which is what the 
> binding manager
> > is).
> > i.e. you can configure each component in one place without some
> > magic overriding your configuration.
> > 
> > > Also, searching on the forums led me to find things like:
> > > 
> > > http://www.jboss.org/thread.jsp?forum=63&thread=37875
> > > 
> > > which says the web-console must be secured, but doesn't 
> say how to do
> > > this.
> > 
> > This is just standard web app security, see the jaas howto
> > 
> > > 
> > > I think jboss is brilliant, and advancing so fast, but 
> for a new user
> > > setting up a default server, this information is crucial. 
> We've paid
> > for
> > > the admin docs, but still can't seem to find what and how 
> needs to be
> > > secured.
> > > 
> > 
> > Scott has started this documentation. See this post to jboss-dev.
> > It is probably too much of a 10,000 ft view and too limited
> > in scope for your current needs.
> > 
> http://www.mail-archive.com/jboss-development%40lists.sourcefo
> rge.net/ms
> > g38012.html
> > 
> > Regards,
> > Adrian
> > 
> > > Thanks for all your help,
> > > Brian
> > > 
> > > 
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf 
> Of Adrian
> > > Brock
> > > Sent: 31 October 2003 13:14
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [JBoss-user] Securing JBoss
> > > 
> > > You can find the list of port bindings in
> > > docs/examples/binding-manager/sample-bindings.xml
> > > 
> > > Look at the "default" section
> > > 
> > > I hope you can read xsl :-)
> > > 
> > > Regards,
> > > Adrian
> > > 
> > > On Fri, 2003-10-31 at 12:11, Brian McSweeney wrote:
> > > > Hi all,
> > > > 
> > > > Following on Sebastian Hauer's email advice I used the following
> > > program
> > > > to find out what ports JBoss uses.
> > > > 
> > > > http://www.tucows.com/preview/213738.html
> > > > 
> > > > I think the following information might help others too 
> when they
> > are
> > > > deploying jboss. My application is probably quite like 
> what others
> > are
> > > > doing. It's very standard in architecture.
> > > > 
> > > > Struts --- > Stateless Session Beans --- > CMP EJBs / and MDBs
> > > > 
> > > > Basically, a simple web application. 
> > > > 
> > > > A port scan reveals the following ports are being used by the
> > default
> > > > folder when my ear is deployed on JBoss 3.2.2. 
> > > > 
> > > > If people are able to tell me what the few unknown ports are it
> > would
> > > be
> > > > helpful too.
> > > > 
> > > > All comments are much appreciated! Hopefully this can 
> help others as
> > > to
> > > > what the average user should shut down to secure and optimize a
> > > default
> > > > jboss 3.2.2.
> > > > 
> > > > List of open ports with a JBoss 3.2.2 running port scan
> > > > 
> > > > I found that there are 14 open ports on my default 
> deploy of JBoss
> > > 3.2.2
> > > >
> > >
> > 
> ==============================================================
> ==========
> > > > =
> > > > 
> > > > 
> > > > Port Number Open:       3246
> > > > Associated Function:    unknown
> > > > What it does:           unknown
> > > > How to disable:                 unknown
> > > > 
> > > > 
> > > > Port Number Open:       1162
> > > > Associated Function:    SNMP manager
> > > > What it does:           Simple Network Management Protocol -
> > sends error
> > > > messages via snmp protocol
> > > > How to disable:                 remove snmp-adaptor.sar 
> from deploy
> > > > folder?
> > > > Should I disable                probably
> > > > 
> > > > 
> > > > Port Number Open:       3251
> > > > Associated Function:    unknown
> > > > What it does:           unknown
> > > > How to disable:                 unknown
> > > > Should I disable                unknown
> > > > 
> > > > Port Number Open:       8093
> > > > Associated Function:    Unified Invocation Layer
> > > > What it does:           not sure, but the JBossMQ might use it
> > > > How to disable:                 remove the 
> /deploy/jms/uil2-service.xml
> > > > file?
> > > > Should I disable                unknown
> > > > 
> > > > 
> > > > Port Number Open:       3248
> > > > Associated Function:    unknown
> > > > What it does:           unknown
> > > > How to disable:                 unknown 
> > > > Should I disable                unknown
> > > > 
> > > > 
> > > > Port Number Open:       8092
> > > > Associated Function:    OIL2 service - Optimizated Invocation
> > Layer
> > > > What it does:           not sure, but the JBossMQ might use it
> > > > How to disable:                 remove the 
> /deploy/jms/oil2-service.xml
> > > > file? 
> > > > Should I disable                unknown
> > > > 
> > > > 
> > > > Port Number Open:       8090
> > > > Associated Function:    OIL service - Optimizated Invocation
> > Layer
> > > > What it does:           not sure, but the JBossMQ might use it
> > > > How to disable:                 remove the 
> /deploy/jms/oil-service.xml
> > > > file?
> > > > Should I disable                unknown 
> > > > Should I disable                unknown
> > > > 
> > > > 
> > > > Port Number Open:       8009
> > > > Associated Function:    A AJP 1.3 Connector
> > > > What it does:           allows tomcat to connect to front end
> > apache
> > > > How to disable:                 comment out the AJP 
> section in the
> > > > /deploy/jbossweb-tomcat41.sar/META-INF/jboss-service.xml file? 
> > > > Should I disable                probably
> > > > 
> > > > 
> > > > Port Number Open:       4445
> > > > Associated Function:    PooledInvoker
> > > > What it does:           database pool, or perhaps bean pool
> > manager?
> > > > How to disable:                 comment out in the
> > > > /conf/jboss-service.xml file 
> > > > Should I disable                probably not
> > > > 
> > > > 
> > > > Port Number Open:       4444
> > > > Associated Function:    RMI/JRMP invoker
> > > > What it does:           rmi manager?
> > > > How to disable:                 comment out in the
> > > > /conf/jboss-service.xml file 
> > > > Should I disable                probably not
> > > > 
> > > > Port Number Open:       1099
> > > > Associated Function:    naming service
> > > > What it does:           JNDI - directory location for all
> > > > services/beans/etc
> > > > How to disable:                 comment out in the
> > > > /conf/jboss-service.xml file 
> > > > Should I disable                no
> > > > 
> > > > Port Number Open:       1098
> > > > Associated Function:    rmi port
> > > > What it does:           Remote method invocation port
> > > > How to disable:                 comment out in the
> > > > /conf/jboss-service.xml file 
> > > > Should I disable                no
> > > > 
> > > > Port Number Open:       8083
> > > > Associated Function:    web services
> > > > What it does:           web services invocation port???
> > > > How to disable:                 comment out in the
> > > > /conf/jboss-service.xml file 
> > > > Should I disable                probably
> > > > 
> > > > 
> > > > 
> > > > 
> > > > -------------------------------------------------------
> > > > This SF.net email is sponsored by: SF.net Giveback Program.
> > > > Does SourceForge.net help you be more productive?  Does it
> > > > help you create better code?   SHARE THE LOVE, and help us help
> > > > YOU!  Click Here: http://sourceforge.net/donate/
> > > > _______________________________________________
> > > > JBoss-user mailing list
> > > > [EMAIL PROTECTED]
> > > > https://lists.sourceforge.net/lists/listinfo/jboss-user
> -- 
> xxxxxxxxxxxxxxxxxxxxxxxx 
> Adrian Brock
> Director of Support
> Back Office
> JBoss Group, LLC 
> xxxxxxxxxxxxxxxxxxxxxxxx 
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?   SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-user
> 
> 
> 



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to