UGN Security
Posted By: bosky101 j2ee this time? - 10/03/03 03:25 AM
i jus tried running a server from j2ee through the localhost thing... i have a dynamic ip allocation,dial- up i think they call it wink ..so does anyone know of any back door inthis server..open ports sniffed as yet ?? coz as of now...when u set upthis server..anonymous acess from can be only to a specific folder called"public_html" ..comments please..
Posted By: pergesu Re: j2ee this time? - 10/03/03 04:43 AM
I was so excited when I first saw the topic. I thought, "Aha! A post that I can answer!" And I figured nobody else would be able to.

After reading it though, I'm wondering what the hell are you talkin about?
Posted By: bosky101 Re: j2ee this time? - 10/04/03 02:21 AM
oops sorry there pergesu ...

u c, onece u start the server in j2ee by tunninf "j2ee" in start... anyone can access the server u 've made at
<ur ip add>:8000/index.html

and this file will be locally (ie in ur computer in a folder called "public folder" and as the names says.. waht evr i put in this folder is "public" to all..
so all iwanted to know if there was anyway else to access the comp since i dont thinik this folder thing issecure enough ..waht do u think... after reading all this port stuff...i m sure that other vulnerable ports can be found...if so.. has it worked ? anyone ?! ...
Posted By: pergesu Re: j2ee this time? - 10/04/03 06:29 AM
Still not sure what you're gettin at. A J2EE server is just a regular server, it serves files, except those files are written or somehow associated with Java. What you've got probably has a standard web (HTTP) server tied into it also, which allows it to serve HTML pages and stuff. That's also how it converts the Java stuff into something people's browsers can interpret. There's a document root, where all the files have to reside. So when you make a request for /index.html, it looks inside this directory for the file named index.html and serves it up. That's not insecure...that's how they work.
© UGN Security Forum