Monday, September 22, 2008

JBoss and security

So, one of the things I noticed when I was setting up for the demo is that I cannot just connect to JBoss from any old computer.

It took me about three days of idle wanderings on the internet to figure out that JBoss makes things super-secure by default. One of the ways they do this is by locking down the server to only localhost connections (so that essentially, only the computer the server is on can ever touch the server)

Thus, I finally figured out how to disable it and this methodology... The caveat being that you have to read a large disclaimer about how you might be opening up security risks and should mitigate all of them before you can comfortably do this.

Looks like I get to sit and read a doc for a while to make sure I know how to turn off the remote administration stuff and other big-scary-nasties before I open it up completely. I miss tomcat.

Otherwise, I am working on polishing up the PoiConDai demo and documenting the next steps in RODSAdai and how they might contribute to the NCPHI toolkit. Docs to follow, excitedness here now.

No comments: