wood burning stoves 2.0*
The moose likes Java in General and the fly likes Java Debugger security question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "Java Debugger security question" Watch "Java Debugger security question" New topic
Author

Java Debugger security question

Ahmed Basheer
Ranch Hand

Joined: Apr 15, 2004
Posts: 77
I have question. I am using java Debugger JDB. I am attaching to the currently running Java process which is preconfigured to listen to the port. so I am using jdb -attach <portnumber>. There seems a security hole when configuring java process to listen to the portnumber. remote debugger can do anything and everything to the process. Is there any way that Java process can be protected with password if we use jdb -attach <portnumber> remotely. Earlier versions of jdb seems to offer an option like "jdb -host -password" but this mechanism doesn't work with jdb packaged with jdk1.5.

Suggestions appreciated.

Thanks,
Ahmed
Peter Chase
Ranch Hand

Joined: Oct 30, 2001
Posts: 1970
But surely you only run your Java process with the debugger enabled when you are testing in a development environment, not in production ... do you?


Betty Rubble? Well, I would go with Betty... but I'd be thinking of Wilma.
Ahmed Basheer
Ranch Hand

Joined: Apr 15, 2004
Posts: 77
I am running Java process with debugger enabled in production. Sun doc says there is no performance impact if we run it with debugger enabled. But there is security hole that I am looking to plug into.

Ahmed.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41062
    
  43
Can you configure the router that separates the network segment with the production machines from the rest of the network to not allow traffic on that port? (Or the firewall, if you're concerned about traffic from the outside?)

Less convenient than a password, but also more secure.


Ping & DNS - my free Android networking tools app
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Java Debugger security question
 
Similar Threads
how to get password for jdb?
help with jconsole
question about jdb
Is there a hook/notification for when a class is loaded?
attach source code to the remote debug