Meaningless Drivel is fun!
The moose likes Java in General and the fly likes Java Debugger security question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "Java Debugger security question" Watch "Java Debugger security question" New topic

Java Debugger security question

Ahmed Basheer
Ranch Hand

Joined: Apr 15, 2004
Posts: 77
I have question. I am using java Debugger JDB. I am attaching to the currently running Java process which is preconfigured to listen to the port. so I am using jdb -attach <portnumber>. There seems a security hole when configuring java process to listen to the portnumber. remote debugger can do anything and everything to the process. Is there any way that Java process can be protected with password if we use jdb -attach <portnumber> remotely. Earlier versions of jdb seems to offer an option like "jdb -host -password" but this mechanism doesn't work with jdb packaged with jdk1.5.

Suggestions appreciated.

Peter Chase
Ranch Hand

Joined: Oct 30, 2001
Posts: 1970
But surely you only run your Java process with the debugger enabled when you are testing in a development environment, not in production ... do you?

Betty Rubble? Well, I would go with Betty... but I'd be thinking of Wilma.
Ahmed Basheer
Ranch Hand

Joined: Apr 15, 2004
Posts: 77
I am running Java process with debugger enabled in production. Sun doc says there is no performance impact if we run it with debugger enabled. But there is security hole that I am looking to plug into.

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
Can you configure the router that separates the network segment with the production machines from the rest of the network to not allow traffic on that port? (Or the firewall, if you're concerned about traffic from the outside?)

Less convenient than a password, but also more secure.
I agree. Here's the link:
subject: Java Debugger security question
It's not a secret anymore!