-
Notifications
You must be signed in to change notification settings - Fork 68
Security FAQ
This FAQ handles topics related to security.
Is there access limitation to MoSKito Web Tools (inspect and/or control)
No, MoSKito itself doesn't offer any access control mechanism, simply because there are too many different scenarios how the authorization and authentication would work. Instead we strongly adjust to protect MoSKito by web.xml constraints for example:
<security-constraint>
<web-resource-collection>
<web-resource-name>
MoSKito Inspect
</web-resource-name>
<url-pattern>/moskito-inspect/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>moskito</role-name>
</auth-constraint>
</security-constraint>
Alternatively, if you use apache httpd, you can protect MoSKito path from it. There are many options, feel free to contact the support for best practices: [email protected]
I want to connect to MoSKito via MoSKito Inspect and RMI, but my App is behind the Firewall. What to do?
You can connect from MoSKito Control to MoSKito Core (the data collecting agent) via HTTP or RMI, and from MoSKito Inspect to MoSKito Core via RMI. The default behaviour of the RMI implementation is to open two ports, one for the RMI registry and one for the services. You need to specify at least one port, the port of the registry. The service port is usually a random high port. This isn't very practical for firewall tunnels, therefore, you can use following options to set ports, that you can explicitly allow in your firewall:
- -DlocalRmiRegistryPort=9401 - sets the registry port.
- -DserviceBindingPort=9402 - sets the port for the services.
Note, that you can use same port for both options.