Hi, Thanks for replying...
> <configManager value="com.yourClass" /> Do you mean I have to write my own config manager? I am new to SOAP for about 2 weeks. Is that the only solution? Can any soap engine developer please compile a rpcrouter container that is safe for production? In my novice opinion removing response to deploy, list, query and undeploy command from any where would be safe enough. We can live with rpcrouter loading the services component from "DeployedServices.ds". Usually the production environment are rather static. cheers, Boon Pang At 09:36 AM 10/2/2001 +1000, you wrote: >Read the documentation about configuring your Manager. Basically you have to >change the > > <init-param> > <param-name>ConfigFile</param-name> > <param-value>WEB-INF/yourconfigfile.xml</param-value> > </init-param> > >to point to your file. > >And in that file you can specify your config manager, it looks like this: > > <soapServer> > <configManager value="com.yourClass" /> > </soapServer> > > >vic . > >On Fri, 28 Sep 2001 19:14, you wrote: > > Hi, > > > > Something cross my mind..when I was using this tool: > > >Usage: java org.apache.soap.server.ServiceManagerClient [-auth > > > > username:password] url operation arguments > > > > >where > > > username and password is the HTTP Basic authentication info > > > url is the Apache SOAP router's URL whose services are managed > > > operation and arguments are: > > > deploy deployment-descriptor-file.xml > > > list > > > query service-name > > > undeploy service-name > > > > and URL is be http://somehost.somedomain.com:8080/soap/servlet/rpcrouter > > for managing the soap services. > > This is also the URL we use by the soap client to connect to for soap > > deployed services. > > > > In a production environment over the internet, this can be very dangerous. > > Hackers can use the same tool > > to exploit the soap services we publish using this URL. > > > > Is there anyway I can turn off the Manager part of the rpcrouter > > [org.apache.soap.providers.RPCJavaProvider ] > > and still allow my client to connect to this URL? Is there another > > rpcrouter that does not have any management binary > > in it? > > > > Did I miss anything? Maybe is documented. If no such feature is avail, Can > > someone please > > show me how to work around? > > > > thanks 1000, > > Boon Pang > >-- >Victor Hadianto >Nuix Pty. Ltd. (02) 9283 9010
