James,
On 10/15/25 3:16 PM, James H. H. Lampert wrote:
On 10/15/25 11:07 AM, Olaf Kock wrote:
Security by Obscurity?
If all else fails . . .
As it stands, I've successfully renamed the manager context in my
guinea-pig server, and it continues to work. And certainly, if nothing
called manager exists, and there's no other way for an outsider without
terminal access to see what contexts *do* exist on the system, they'd
have to do an awful lot of trial-and-error.
But I've found enough information to start pursuing the JMX option.
I now have jmxterm installed and open on the box where the guinea-pig
server is running, and I've found and connected to the process in which
the JVM job for the Catalina job is running (which, because of the way
Java works on an IBM Midrange box, is not the Catalina job itself, but a
job called QP0ZSPWP).
I much prefer the JMXProxyServlet, which is a part of the manager. Then
you can use curl instead of some obscure JMX client, plus you can add
real security instead of the janky security offered by the JMX connection.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
