thanks, that's a start, i'll do some digging and see what can be done...

rich

Aaron Mulder wrote:
>
> On 8/28/06, raxpl <[EMAIL PROTECTED]> wrote:
>>
>> thanks for getting back...
>> not sure about the "it should be as secure as any other web application" -
>> you might be right, but
>> just exposing a console appears to me risky...any cracker can reach it to
>> try and crack the password using standard techniques because they can get to
>> the console up if they know anything about geronimo...
>
> True, but you can enable the lockout after a certain number of login
> attempts if you are worried about a brute-force attack.
>
>> I wouldn't be quite so
>> paranoid if the jrun docs hadn't identified their console as a security risk!
>> and it's very similar. I live in fear...but geronimo is a great
>> achievement (i switched from zope3...and that's a cracking bit of kit but
>> lacks fundamental facilities like standardised messaging).
>> As for "It is also possible to configure Geronimo so different applications
>> are attached to different ports (though it's not terribly straightforward)"
>> - yes, this is what i was trying to achieve but didn't get anywhere... can
>> you give a few pointers ? i'll write a tech note on it for other people -
>> deal ?
>
> David Jencks worked this out. I believe the procedure is to configure
> a second web container, set the ports on each web container to be
> different, and then use an element in the web app deployment plan to
> indicate which web apps go to which container (and therefore which
> apps are exposed on which ports). I don't have more details at the
> moment but David might or I think the issue has come up on the mailing
> list before.
>
> Thanks,
> Aaron
>
>

--
View this message in context: http://www.nabble.com/securing-admin-access-tf2158727.html#a6026327
Sent from the Apache Geronimo - Users forum at Nabble.com.
