Geek Answers Handbook

Is the GlassFish admin console safe (port 4848)?

With an understanding of a secure internet connection limited by SSL, I doubt the security of the GlassFish admin console. Regular secure HTTP connections use http s : // domain / URLs, but in GlassFish http: // domain: 4848 / is used to log in to the Administrator Console. Is there any kind of encryption between the browser and the server when using this administration port, or is all this message unconditionally, naked for possible hackers?

The GlassFish documentation describes how to use the admin console, but I did not find any mention of this security issue.

+5
source share
5 answers

SSL can be enabled for the administrator console inside the administrator console → Configurations → HTTP service → HTTP listeners → admin-listener (responsible for listening on port 4848)

There is a secure checkbox option that is not enabled by default. Once enabled, its admin console will force SSL. For example, http: / domain: 4848 / redirects to https: // domain: 4848 /

.. I'm not quite sure that if only the checkin secure option for admin-listener did the trick of saving the change, then the console froze. After that, I also changed AS_ADMIN_SECURE = true in the GlassFish / asadminenv.conf configuration.

+5
source

, Glassfish v3.1, SSL admin,

asadmin enable-secure-admin

http://blogs.oracle.com/quinn/entry/securing_adminstration_in_glassfish_server1

+5

​​ script, /, glassfish script, :

asadmin set --port 4848 --user admin --passwordfile password-file.txt server.http-service.http-listener.admin-listener.security-enabled=true
+2

"checkin secure option admin-listener" .

+1

If it uses SSL, you will get access to it as https : // domain: 4848 /

You can see additional information by selecting "Page Information" in the browser menu. If you accessed the page via a URL https, you should see a small lock icon somewhere in the browser window, and this icon should be clickable.

0
source

More articles:


All Articles