How do I secure the jacoco TCP socket connection

69 views
Skip to first unread message

TreverW

unread,
Jul 10, 2017, 7:58:04 PM7/10/17
to JaCoCo and EclEmma Users
Hello,

Is it possible to secure the jacocoagent  tcp stream with some form of authentication?  If, for example the jacocoagent is running in a container (in our case, a kubernetes pod) with nginx in front of it.  We would like to prevent just anyone from being able to connect to the tcp port and get a dump.

Thank you.

Marc Hoffmann

unread,
Jul 11, 2017, 8:38:36 AM7/11/17
to jac...@googlegroups.com

Hi,

JaCoCo does not provide any security mechanisms because there are standard tools for this:

1) Make sure the agent server binds on a local interface only (loopback). This is default.

2) Use a ssh tunnel with port forwarding to get remote access. ssh provides secure communication and different authentication options.

 

Regards,
-marc

--
You received this message because you are subscribed to the Google Groups "JaCoCo and EclEmma Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jacoco+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jacoco/197785a3-1048-4ce9-b9a7-0bb1dda88f51%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

 

Evgeny Mandrikov

unread,
Jul 11, 2017, 8:49:32 AM7/11/17
to JaCoCo and EclEmma Users
Hi,

Also in addition to what was said by Marc: maybe you can use MBean interface (see "jmx" property of agent) instead of plain TCP connection and so standard ways to secure JMX connection.

Regards,
Evgeny


On Tuesday, July 11, 2017 at 2:38:36 PM UTC+2, Marc R. Hoffmann wrote:

Hi,

JaCoCo does not provide any security mechanisms because there are standard tools for this:

1) Make sure the agent server binds on a local interface only (loopback). This is default.

2) Use a ssh tunnel with port forwarding to get remote access. ssh provides secure communication and different authentication options.

 

Regards,
-marc

 

 

 

 

On 2017-07-11 01:58, TreverW wrote:

Hello,
 
Is it possible to secure the jacocoagent  tcp stream with some form of authentication?  If, for example the jacocoagent is running in a container (in our case, a kubernetes pod) with nginx in front of it.  We would like to prevent just anyone from being able to connect to the tcp port and get a dump.
 
Thank you.
 

 

--
You received this message because you are subscribed to the Google Groups "JaCoCo and EclEmma Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jacoco+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages