On 8/28/06, raxpl <[EMAIL PROTECTED]> wrote:
> answer was in apache reverse proxy bit of the admin docs (yes it is a
> security risk if left open...)
It's not necessarily a security risk... If you change the default
administrator account and access the console via HTTPS, it should be
as secure as any other web application.
It is also possible to configure Geronimo so different applications
are attached to different ports (though it's not terribly
straightforward). That way, even without the Apache web server
involved, you can expose only user applications via a particular port.
"In this example the console has been enabled just for demonstration
purposes. In a production environment you will not want to have the console
accessible from the other network (normally the Internet). Having the
console accessible represents a big security exposure."
Again, I'd say the risk is only if you leave the default
system/manager account enabled, and possibly if you access the console
via HTTP, depending on your tolerance for plain text logins.
Thanks,
Aaron
raxpl wrote:
>
> hi list
> jrun docs used to recommend that web admin. access was masked off (by
> using iptables/firewall to block incoming packets on that port unless from
> a known ip or range of ip's (great unless you're on dynamic ip's)) but the
> jrun admin. was on a different port from anything else so didn't interfere
> with content... is this simple to achieve on geronimo ? (an xml file somewhere
> ?) or just a waste of effort ?
> rich
>
--
View this message in context:
http://www.nabble.com/securing-admin-access-tf2158727.html#a6017541
Sent from the Apache Geronimo - Users forum at Nabble.com.
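The host-firewall approach rich describes (admin console on its own port, reachable only from known source ranges), written out as an added example rather than anything from the thread or from Geronimo itself; the console port and the trusted CIDRs are assumed values passed in as arguments, not Geronimo defaults.

```sh
#!/bin/sh
# Emit iptables rules that admit the admin-console port only from trusted
# source ranges and drop everything else aimed at that port.
# Assumed inputs: PORT is whatever port the console is bound to (not a
# Geronimo default); the CIDRs are the known client ranges. Dynamic client
# addresses, as noted in the thread, cannot be expressed this way.

gen_admin_fw_rules() {
    port="$1"
    shift
    # Refuse anything that is not a plain numeric port
    case "$port" in
        ''|*[!0-9]*)
            echo "usage: gen_admin_fw_rules PORT CIDR..." >&2
            return 1
            ;;
    esac
    # Local access (e.g. via an SSH tunnel to the box) stays allowed
    echo "iptables -A INPUT -p tcp --dport $port -i lo -j ACCEPT"
    # One ACCEPT per trusted range
    for cidr in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -s $cidr -j ACCEPT"
    done
    # Everyone else hitting the console port is dropped
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Preview: gen_admin_fw_rules 8080 203.0.113.0/24
# Apply (as root, after reviewing the preview):
apply_admin_fw_rules() {
    gen_admin_fw_rules "$@" | sh
}
```

The generated rules only cover the console port; the application ports stay untouched, which is the whole point of putting the console on a port of its own.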