users@glassfish.java.net

Basic Glassfish security

From: <glassfish_at_javadesktop.org>
Date: Tue, 01 Sep 2009 18:38:47 PDT

Hello

Recently I've been given the job of looking after a Glassfish V2 installation. This installation is running on a publicly available Amazon instance. I am quite worried about the security aspects of this installation; it seems to me that the previous admin of this install just dropped a default installation of Glassfish on this server and that's it. The admin console is publicly available on port 4848 etc...

So my job now is to plug up these holes, so I'm wondering what areas of a default install should be immediately secured?

I'd like to completely block JMX, AMX (we are not using this) etc... How do I do this?

It would be nice to have the admin console publicly available for convenience, but I wonder if there is a way to set this up to lock the admin account after X fails?

Any other tips would be GREATLY appreciated!

Thank you
[Message sent by forum member 'seatin23' (sean.tindale_at_gmail.com)]

http://forums.java.net/jive/thread.jspa?messageID=362650