On 04/09/2010 11:05, Rainer Jung wrote: > On 02.09.2010 18:55, Pid wrote: >> On 02/09/2010 17:31, Christopher Schultz wrote: >>> Pid, >>> >>> On 9/2/2010 11:51 AM, Pid wrote: >>>> ..lots of info is available by JMX, once the server is up. In Java 6 >>>> you can attach to the process locally, without having to configure the >>>> JMX ports because it injects the management agent into the virtual >>>> machine. >>> >>> I hadn't considered that, never having used JMX. Are you saying that >>> anyone with local access can snoop a JVM? What are the strategies >>> available to prohibit that? Can you disable local JMX altogether? How >>> about some kind of authentication? >> >> Pretty much. I'm not sure how to disable it, I've only just got the >> hang of enabling it. >> >> http://download.oracle.com/javase/6/docs/jdk/api/attach/spec/com/sun/tools/attach/VirtualMachine.html >> >> >> Also: sun.management.ConnectorAddressLink, but I can't find a javadoc >> for that. > > I thought it uses a local file created by the JVM which only allows > access, if you are the same user (or root). The marketing terminology > for this Java 6 feature was "attach on demand".
OK, that useful to know. I was assuming there was a JVM option to prevent dynamic attachments, but that I just hadn't found it. File perm based restrictions makes sense. > See also > > http://weblogs.java.net/blog/emcmanus/archive/2005/09/mustang_jdk_now.html > > with some examples here: > > http://blogs.sun.com/sundararajan/entry/using_mustang_s_attach_api > > http://blogs.sun.com/sundararajan/entry/my_experiments_with_attach_on > > and API Javadoc: > > http://download-llnw.oracle.com/javase/6/docs/jdk/api/attach/spec/index.html Excellent, thanks, I'll have a read. p
0x62590808.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
