Azeez, let's take both of these services off. Looks like neither is being used??
+1 for the new test!

Sanjiva.

On Tue, Mar 22, 2011 at 11:55 AM, Afkham Azeez <az...@wso2.com> wrote:

> Now I have added a security test that will fail if any admin service has
> been exposed via non-HTTPS transports.
>
> On Tue, Mar 22, 2011 at 11:49 AM, Dimuthu Leelarathne <dimut...@wso2.com> wrote:
>
>> Hi,
>>
>> On Tue, Mar 22, 2011 at 10:34 AM, Afkham Azeez <az...@wso2.com> wrote:
>>
>>> Hmm no answer!!!
>>>
>>> DimuthuL, you have added LoginStatisticsAdmin on 6/2/2009 928AM with this
>>> log:
>>> " Exposing a login stat service. This is a hack, as discussed by the
>>> team. I tried my best to limit the adverse effects done by this bad hack.
>>> "
>>> HTTP has been explicitly enabled for this service. What is this service?
>>> What is the risk of having this service, what are these adverse effects you
>>> are talking about and why did you explicitly expose it via HTTP?
>>>
>> IIRC, I added this for BAM people. It is a read-only service. It doesn't
>> let anyone write/modify server data. However it exposes login stats. I
>> should have kept a close eye on it and removed HTTP before release. What
>> should be the next steps?
>>
>> Thanks,
>> Dimuthu
>>
>>> FileDownloadService has been added on 12/18/08 1115PM by Keith with this
>>> log:
>>> "Adding a fileDownload Service so that we have a mechanism of accessing
>>> files via fileDownload when running in a separate FE BE env"
>>> HTTP has been explicitly enabled for this service as well.
>>>
>>> On Mon, Mar 21, 2011 at 12:12 PM, Afkham Azeez <az...@wso2.com> wrote:
>>>
>>>> Is there a particular reason why these services are exposed via HTTP &
>>>> HTTPS? All other admin services are exposed only via HTTPS.
>>>>
>>>> --
>>>> Afkham Azeez
>>>> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com
>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>> email: az...@wso2.com cell: +94 77 3320919
>>>> blog: http://blog.afkham.org
>>>> twitter: http://twitter.com/afkham_azeez
>>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>
>>>> Lean . Enterprise . Middleware
>
> _______________________________________________
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

--
Sanjiva Weerawarana, Ph.D.
Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
email: sanj...@wso2.com; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1 650 265 8311
blog: http://sanjiva.weerawarana.org/
Lean . Enterprise . Middleware
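A sketch of the kind of check described in the thread (a test that fails when an admin service is reachable over a non-HTTPS transport), added here as an illustration; it is not part of the thread and not WSO2's actual test. It assumes Axis2-style `services.xml` descriptors in which admin services carry an `adminService` parameter and list their transports under `<transports>`; the sample descriptor and the names `HttpsOnlyAdmin`, `NoTransportsAdmin` and `PublicEcho` are constructed.

```python
import xml.etree.ElementTree as ET

ALLOWED = {"https"}  # policy from the thread: admin services are HTTPS-only

def is_admin(svc):
    # Assumption: admin services carry <parameter name="adminService">true</parameter>
    return any(p.get("name") == "adminService"
               and (p.text or "").strip().lower() == "true"
               for p in svc.findall("parameter"))
def find_violations(services_xml):
    """Return [(service, reason)] for admin services reachable over non-HTTPS."""
    root = ET.fromstring(services_xml)
    services = [root] if root.tag == "service" else root.iter("service")
    violations = []
    for svc in services:
        if not is_admin(svc):
            continue
        declared = {(t.text or "").strip().lower()
                    for t in svc.findall("transports/transport")}
        extra = sorted(declared - ALLOWED)
        if not declared:
            # Fail closed: with no transport list, assume every transport is enabled
            violations.append((svc.get("name"), "no transports declared"))
        elif extra:
            violations.append((svc.get("name"), "non-HTTPS transport: " + ",".join(extra)))
    return violations

# Constructed sample descriptor (not taken from the Carbon source tree)
SAMPLE = """<serviceGroup>
  <service name="LoginStatisticsAdmin">
    <transports><transport>http</transport><transport>https</transport></transports>
    <parameter name="adminService" locked="true">true</parameter>
  </service>
  <service name="FileDownloadService">
    <transports><transport>http</transport><transport>https</transport></transports>
    <parameter name="adminService" locked="true">true</parameter>
  </service>
  <service name="HttpsOnlyAdmin">
    <transports><transport>https</transport></transports>
    <parameter name="adminService" locked="true">true</parameter>
  </service>
  <service name="NoTransportsAdmin">
    <parameter name="adminService" locked="true">true</parameter>
  </service>
  <service name="PublicEcho"><transports><transport>http</transport></transports></service>
</serviceGroup>"""
if __name__ == "__main__":
    for name, reason in find_violations(SAMPLE):
        print(f"FAIL {name}: {reason}")
```

Run in a build, a non-empty result would fail the job, so an explicitly enabled HTTP transport on an admin service is caught before release rather than by later review.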