On Mon, Feb 25, 2013 at 2:42 PM, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote:

> > From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov]
> > Subject: RE: JAVA_OPTS catalina.bat vs tomcat7w.exe
>
> > -Dcom.sun.management.jmxremote=true
> > -Dcom.sun.management.jmxremote.port=9090
> > -Dcom.sun.management.jmxremote.ssl=false
> > -Dcom.sun.management.jmxremote.authenticate=false
>
> Since you have JMX enabled without authentication, the server is open to
> abuse from pretty much anyone who can reach it.

Chuck, I have similar settings, and so far, so good (no abuse/attack), and I recently re-added JMX settings in tomcat7w.exe for my app... just to routinely check performance and/or memory used by the app while running on the production server.

Can you please clarify 'the server is open to abuse from pretty much anyone who can reach it'? Can you refer me to a blog or an article that discusses app abuse via JMX?

I have a hardware firewall in place, and the JMX port is not open/available at the hardware firewall level. I usually log in remotely to the production server and open Java VisualVM to check the status of the app (via JMX).

> - Chuck
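
An added example, not part of the original thread: a small Python check that flags the option combination quoted above (a remote JMX port with authentication and SSL both switched off). The function names and the `HARDENED_OPTS` string are assumptions made for illustration; the check relies on the JDK defaults, under which `authenticate` and `ssl` are both true once a port is set.

```python
# Added example: flag remote JMX options like the ones quoted in this thread.
PREFIX = "com.sun.management.jmxremote"

# Constructed inputs. PAGE_OPTS repeats the four options from the thread;
# HARDENED_OPTS is an assumed alternative that turns both protections on.
PAGE_OPTS = """
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=9090
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
"""
HARDENED_OPTS = (
    "-Dcom.sun.management.jmxremote.port=9090 "
    "-Dcom.sun.management.jmxremote.ssl=true "
    "-Dcom.sun.management.jmxremote.authenticate=true"
)

def parse_system_properties(java_opts):
    """Return {name: value} for each -Dname[=value] token.

    Splitting on whitespace accepts both a space-separated JAVA_OPTS string
    and a one-option-per-line list such as the tomcat7w.exe Java Options box.
    """
    props = {}
    for token in java_opts.split():
        token = token.strip('"')
        if token.startswith("-D"):
            name, _, value = token[2:].partition("=")
            props[name] = value
    return props

def flag_is_true(props, key, default):
    """Boolean property lookup; an unset property takes the JVM default."""
    value = props.get(key)
    return default if value is None else value.lower() == "true"

def audit_jmx(java_opts):
    """Return finding codes for a JVM option string, in a fixed order."""
    props = parse_system_properties(java_opts)
    if not props.get(PREFIX + ".port"):
        return []  # these options do not start a remote connector
    findings = []
    if not flag_is_true(props, PREFIX + ".authenticate", True):
        findings.append("no-authentication")  # any client that connects is accepted
    if not flag_is_true(props, PREFIX + ".ssl", True):
        findings.append("no-tls")  # JMX traffic crosses the network unencrypted
    return findings
```

`audit_jmx(PAGE_OPTS)` reports both findings, while `HARDENED_OPTS`, or a port with neither flag overridden, reports none.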