• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Performance and Security in Tomcat's Debug Mode in production

 
Greenhorn
Posts: 3
Firefox Browser Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello!

Recently i was looking for a tool to make easily the deploy of bug fixes in production, and i have found the ClassGhost utility (http://classghost.sourceforge.net/). This tool injects classes in the production JVM. It looks pretty good, and does the work very well.

But, to do this job, the ClassGhost needs some parameters in the JVM. These parameters, in Tomcat, are related with the Debug mode (as you can see in this http://classghost.sourceforge.net/how.html and this http://wiki.apache.org/tomcat/FAQ/Developing links).

My question is: what do you think about enable debug mode of Tomcat in production? Did you do something like this? Please, i want to listen your considerations.

Thanks!
 
Saloon Keeper
Posts: 27763
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Be careful. The JVM debugger cannot be switched on and off on the fly, which means that it's available at all times, and it's not protected by any sort of security system. If an intruder can gain debug access, they can browse and even alter sensitive memory, gain insight into possible application logic flaws, and generally wreak havoc.
 
I promise I will be the best, most loyal friend ever! All for this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic