Craig McClanahan wrote:
> legolas wood wrote:
>> Hi
>> thank you for reading my post.
>> What is solution to secure the JNDI access?
>> for example if any one know our application server IP address then
>> he/she can lookup the JNDI , is it correct?
>>
> No. They only way an outsider could perform lookups in your JNDI
> namespace is if they were allowed to install applications on your app
> server. If they can do that, you've got substantially more serious
> issues to think about than just JNDI access :-).
>
> Craig
Let me ask with more details,
We have two application server installed on two computers in our
environment. We have JMS on second machine , and other components are on
the first machine.
From first machine we lookup the JMS destinations on second machine and
use them. (we are still unable to perform the lookup but we are working
on it.)
*what make me worried is :*
when my application on first machine can lookup into the JNDI of second
machine, outsiders can do the same, don't they?
When I looked into glassfish configuration i found a Security Manager
CheckBox, the online help just said that it will enable/disable the
security manager but it does not explains what will security Manager do.
Thanks
>
>> if it is correct, then how we should prevent it and secure the JNDI ?
>>
>> thanks
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>