On Nov 13, 2011, at 12:50 PM, Max Rydahl Andersen <max.andersen(a)redhat.com> wrote:
Which sounds worse to me than a default locked down to only
localhost…but I'm not a security expert :)
Just to answer this one point, the problem with the interface being the only security is
(as we do this as well):
1) Any user that gets even low-privileged access to the box can control the app server,
which can be used for privilege escalation as well as all the bad things you can do with
full control of an app server.
2) If a user changes the interface address to be anything other than localhost they may
not realize the consequences.
If Java supported Unix domain sockets we could have secured non-auth via file perms, at
least on UNIX. It does not, though. Maybe one day we will do an XNIO native Unix domain
plugin, but until then user/pass seems to be the least resistive option.
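
The file-permission approach mentioned above, as an added illustration that is not part of the original message and is written in Python rather than Java: a management listener bound to a Unix domain socket that only its owner can reach, plus a check that flags a socket or parent directory left open to other local users. The function names and the `mgmt/admin.sock` path are hypothetical.

```python
import os
import socket
import stat
import tempfile

def open_management_socket(path):
    """Bind a Unix domain socket that only the owning user can connect to."""
    parent = os.path.dirname(path)
    os.makedirs(parent, exist_ok=True)
    os.chmod(parent, 0o700)          # some systems ignore the socket's own mode
    if os.path.exists(path):
        os.unlink(path)              # stale socket from a previous run
    old_umask = os.umask(0o177)      # socket file is created 0600, no chmod race
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv

def audit_socket(path):
    """Return findings describing who besides the owner could reach the socket."""
    findings = []
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not a socket")
    if st.st_mode & 0o077:
        findings.append("socket is accessible to group/other")
    if os.stat(os.path.dirname(path)).st_mode & 0o077:
        findings.append("parent directory is accessible to group/other")
    return findings

if __name__ == "__main__":
    base = tempfile.mkdtemp()                        # constructed sample location
    path = os.path.join(base, "mgmt", "admin.sock")  # hypothetical path
    srv = open_management_socket(path)
    print("hardened:", audit_socket(path))
    os.chmod(path, 0o666)                            # simulate a misconfiguration
    print("weakened:", audit_socket(path))
    srv.close()
```

A TCP listener on 127.0.0.1 has no owner or mode for such a check to inspect, which is why any local account can connect to it.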