[SourceJammer-users] Re: Help!
Brought to you by:
robertmacgrogan
Menu
▾
▴
[SourceJammer-users] Re: Help!
|
From: Robert M. <rob...@ya...> - 2003-03-25 16:50:37
|
--- John Tilton <jt...@dv...> wrote: > > I have a few more questions. How secure is SJ. If we place Tomcat and SJ > on a server in our DMZ, do we open up a security breach in our server? Are > the file transfers encrped in any way? > > Thanks, > > John Tilton > Senior Principal Engineer, Information Engineering > ACS Defense/Synetics > Phone: 540-663-2137 x286 > Email: jt...@dv... Good questions, John. SJ does not encrypt anything. All messages are sent as plaintext XML. However, you could definitely configure SJ server to run under https. This would involve some Tomcat/Apache or Tomcat/IIS research on your part. It's kind of out of the scope of SJ. Go to jakarta.apache.org to find out more. As for security, I don't think SJ or Tomcat opens up any kind of security hole on your machine, but there is a possibility some hacker could prove me wrong. It is definitely possible to configure SJ/Tomcat to use port 80 instead of 8080 and to cooperate with your webserver. If you do this, SJ is as secure as any web application. One way to limit the impact that SJ could have on your system would be to create a user on your server just for SourceJammer. Give that user read/write access to the directories that SJ uses and no access to anything else. If you do that you are probably pretty safe. I'd be interested to know if anyone else has thoughts on the issue of security. --Rob > > > > __________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com |
