users@glassfish.java.net

Re: how to secure access to glassfish JNDI?

From: Craig McClanahan <Craig.McClanahan_at_Sun.COM>
Date: Mon, 18 Dec 2006 00:13:55 -0800

legolas wood wrote:
> Craig McClanahan wrote:
>> legolas wood wrote:
>>> Hi
>>> thank you for reading my post.
>>> What is the solution to secure JNDI access?
>>> For example, if anyone knows our application server's IP address, then
>>> he/she can look up the JNDI, is that correct?
>>>
>> No. The only way an outsider could perform lookups in your JNDI
>> namespace is if they were allowed to install applications on your app
>> server. If they can do that, you've got substantially more serious
>> issues to think about than just JNDI access :-).
>>
>> Craig
> Let me ask with more details,
> We have two application servers installed on two computers in our
> environment. We have JMS on the second machine, and the other components
> are on the first machine.
> From the first machine we look up the JMS destinations on the second
> machine and use them. (We are still unable to perform the lookup, but we
> are working on it.)
> *What makes me worried is:*
> when my application on the first machine can look up the JNDI of the
> second machine, outsiders can do the same, can't they?
It is impossible to answer precisely without understanding all the
details of your environment, but your own experience should provide some
clues:

* JNDI lookups are local to the current application execution environment
  -- they are not accessible via arbitrary HTTP requests.

* Do you have any evidence that *anyone* can make such a request?
  It sounds like you have not even succeeded at internally making this
  possible.
>
> When I looked into the GlassFish configuration I found a Security Manager
> checkbox; the online help just said that it will enable/disable the
> security manager, but it does not explain what the Security Manager will do.
>
The security manager checkbox relates to the SecurityManager[1] feature
of all Java JVMs. This deals with controlling what can happen *inside*
a single JVM instance, so you can (for example) provide different
capabilities to different webapps served by the same app server. It
does not have anything to do with remote access.

>
> Thanks
Craig

PS: About 90% of the questions you ask on various mailing lists can be
addressed by the large amount of information indexed by search engines
such as Google. In particular, a search for "SecurityManager" or
"security manager" would have turned up a large number of useful links
in addressing your concerns.

[1] http://java.sun.com/docs/books/tutorial/security/index.html
>>
>>> If it is correct, then how should we prevent it and secure the JNDI?
>>>
>>> thanks
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>>
>>
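Added example, not code from this thread or from GlassFish: a small Java program showing what the JVM SecurityManager that Craig describes actually governs, namely what code already running inside one JVM may do. Two constructed "webapps" are modelled as ProtectionDomains with different static permission sets (the property names and grants are made up for the demo); a container expresses the same distinction with per-codeBase grants in its policy file (GlassFish keeps one as server.policy in the domain's config directory). Nothing in it limits who can connect to the server from another machine, which is the point of the reply. Caveat for anyone reading this today: the SecurityManager was deprecated for removal in JDK 17 (JEP 411) and permanently disabled in JDK 24 (JEP 486); on JDK 18 to 23 the program needs `-Djava.security.manager=allow`.

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

/**
 * What the SecurityManager controls: permissions of code inside THIS JVM.
 * Each "webapp" below is a ProtectionDomain carrying its own static
 * permission set, standing in for the per-codeBase grants a container
 * writes into its policy file. No network access is involved at all.
 *
 * Run: java SecurityManagerDemo                                  (JDK 8-17)
 *      java -Djava.security.manager=allow SecurityManagerDemo    (JDK 18-23)
 * JDK 24+ has the feature permanently disabled.
 */
public class SecurityManagerDemo {

    /** A domain holding exactly these permissions; static, so Policy is not consulted for it. */
    static ProtectionDomain domainWith(Permissions perms) {
        return new ProtectionDomain(new CodeSource(null, (Certificate[]) null), perms);
    }

    /** Runs an action as if it were code from the given domain and reports the outcome. */
    static String run(String what, ProtectionDomain domain, PrivilegedAction<String> action) {
        AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { domain });
        try {
            // Effective permissions = this class's permissions INTERSECT the domain's.
            return what + " -> allowed: " + AccessController.doPrivileged(action, ctx);
        } catch (SecurityException e) {
            return what + " -> DENIED (" + e.getMessage() + ")";
        }
    }

    /** Grant the demo's own code everything, then switch the SecurityManager on. */
    static void enableSecurityManager() {
        if (System.getSecurityManager() != null) {
            return;
        }
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain d, Permission p) {
                return true; // only the sandboxed domains below are restricted
            }
        });
        System.setSecurityManager(new SecurityManager());
    }

    public static void main(String[] args) {
        enableSecurityManager();

        // Hypothetical "webapp A": may only read user.* system properties.
        Permissions permsA = new Permissions();
        permsA.add(new PropertyPermission("user.*", "read"));
        ProtectionDomain webappA = domainWith(permsA);

        // Hypothetical "webapp B": may read and write every system property.
        Permissions permsB = new Permissions();
        permsB.add(new PropertyPermission("*", "read,write"));
        ProtectionDomain webappB = domainWith(permsB);

        ProtectionDomain[] apps = { webappA, webappB };
        String[] names = { "webappA", "webappB" };
        for (int i = 0; i < apps.length; i++) {
            ProtectionDomain app = apps[i];
            String name = names[i];
            System.out.println(run(name + " read user.home", app,
                    () -> System.getProperty("user.home")));
            System.out.println(run(name + " read java.class.path", app,
                    () -> System.getProperty("java.class.path")));
            System.out.println(run(name + " write demo.flag", app,
                    () -> System.setProperty("demo.flag", "1")));
        }
    }
}
```

Expected behaviour: webappA succeeds only on the user.home read and is denied the other two; webappB succeeds on all three. The same checks would pass or fail identically whether the JVM sat on a private LAN or on a public address, which is why the checkbox is the wrong tool for the "outsiders can look up my JNDI" worry.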