Why not just block the port that the admin server runs on so only internal people can get to it and let it run all the time?
-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Aaron Bartell
Sent: Monday, September 29, 2008 3:21 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] How do I get usable file permissions using the IBM Web Administration for i5/OS on port :2001
Having an administrative interface open to the public is always a liability,
but outside of that I am just uncomfortable with having a Java interface
running in Websphere that has access to so many system functions. Call me
paranoid I guess. I have zero cases that I can tell you about where it has
been a problem, but then again maybe that is because I really only use it to
admin DCM and then I shut it off again right away :-)
In the end I don't even know how much of Java and Websphere are used in the
*ADMIN process, so my hesitations are really unfounded (just wanted to clear
the air :-)
Aaron Bartell
http://mowyourlawn.com
On Mon, Sep 29, 2008 at 1:41 PM, Booth Martin <booth@xxxxxxxxxxxx> wrote:
wow. Am I reading you right? Using the *ADMIN server is a bad
thing?!?! It has security flaws? IBM is putting out a product that is
dangerous to use?
--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/web400.
midrange.com
