Am 15.10.25 um 18:16 schrieb James H. H. Lampert:
Just a thought: can manager be renamed, to something that neither a
hacker nor a security scan could easily guess, without command-line
access to the box, and still function?
Security by Obscurity?
Should be possible. I've ran "grep -r manager ." in the manager webapp's
source directory, and it looks like the name is hardcoded nowhere. So
you /should/ be able to simply rename its WAR file or the directory name
within tomcat's webapps directory.
If this is a good idea or not remains for you to answer. You should
still properly password-protect it and ideally also limit the
networks/IPs/endpoints that can access it. Just as with its default
name, it shouldn't be visible to anyone anyway.
Another option is to utilize JMX, as Mark pointed out earlier.
Olaf
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
