admin@glassfish.java.net

Re: Asadmin

From: Byron Nevins <byron.nevins_at_oracle.com>
Date: Mon, 09 May 2011 10:16:59 -0700

Yes - exactly. The problem is that we aren't explaining that to the
user. We just say "Forbidden".


On 5/4/2011 12:28 PM, Tom Mueller wrote:
> Even with no admin password for a domain, in 3.1, we still prohibit
> remote asadmin access to the DAS unless enable-secure-admin has been run.
>
> Tom
>
> On 5/4/2011 2:06 PM, Byron Nevins wrote:
>> That concern won't apply in my scenario -- the domain is wide-open
>> with no password protection...
>>
>>
>> On 5/4/2011 11:37 AM, Tom Mueller wrote:
>>> We had a discussion about this when enable-secure-admin was being
>>> developed, but I haven't been able to find a record of that. The
>>> debate was about how much information to give the user in this
>>> case. Generally, for security reasons you want to give a potential
>>> attacker as little information as possible as to why they cannot
>>> access the system. On the other hand, for user-friendliness, you
>>> might want to tell them to run enable-secure-admin to allow this
>>> operation.
>>>
>>> Tom
>>>
>>>
>>> On 5/4/2011 12:55 PM, Byron Nevins wrote:
>>>> Scenario:
>>>>
>>>> On MachineB --
>>>>
>>>> 1. asadmin delete-domain domain1
>>>> 2. asadmin create-domain --nopassword domain1
>>>> 3. asadmin start-domain domain1
>>>>
>>>>
>>>> On MachineA --
>>>>
>>>> 1. asadmin --host machineB deploy hello.war
>>>>
>>>> Result:
>>>>
>>>> *HTTP connection failed with code 403, message: Forbidden*
>>>>
>>>> ===============
>>>>
>>>> Which is fairly easily solved. But there is no hint at all for the
>>>> user on how to proceed. Should we give them a clue in the error
>>>> message?
>>>>
>>>>
>>>> Oracle <http://www.oracle.com>
>>>> Byron Nevins | Principal MTS
>>>> Phone: +1 6503958992 <tel:+1%206503958992>
>>>>
>>>> Green Oracle <http://www.oracle.com/commitment> Oracle is committed
>>>> to developing practices and products that help protect the environment
