diff options
author | Marc R. Hoffmann <hoffmann@mountainminds.com> | 2010-06-02 08:28:27 +0000 |
---|---|---|
committer | Marc R. Hoffmann <hoffmann@mountainminds.com> | 2010-06-02 08:28:27 +0000 |
commit | 8e8480b5c379089f31155932aec7b0d114b9d7b2 (patch) | |
tree | d6679779160d5449319d8ded03bd1af73d8d1046 /org.jacoco.doc/docroot/doc/agent.html | |
parent | 82b70b13a104d91fc244c99f01e5a36d863471b4 (diff) | |
download | jacoco-8e8480b5c379089f31155932aec7b0d114b9d7b2.tar.gz |
Security considerations.
Diffstat (limited to 'org.jacoco.doc/docroot/doc/agent.html')
-rw-r--r-- | org.jacoco.doc/docroot/doc/agent.html | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/org.jacoco.doc/docroot/doc/agent.html b/org.jacoco.doc/docroot/doc/agent.html index 82582c65..c83f964c 100644 --- a/org.jacoco.doc/docroot/doc/agent.html +++ b/org.jacoco.doc/docroot/doc/agent.html @@ -140,6 +140,7 @@ port specified by the <code>address</code> and <code>port</code>
attribute. Execution data is written to this TCP connection.</li>
</ul>
+ Please see the security considerations below.
</td>
<td><code>file</code></td>
</tr>
@@ -164,6 +165,17 @@ </tbody>
</table>
+<h2>Security Consideration for Remote Agent Control</h2>
+
+<p>
+ The ports and connections opened in <code>tcpserver</code> and
+ <code>tcpclient</code> mode do not provide any authentication mechanism. If
+ you run JaCoCo on production systems make sure that no untrusted sources have
+ access to the TCP server port, or JaCoCo TCP clients only connect to trusted
+ targets. Otherwise internal information of the application might be revealed
+ or DOS attacks are possible.
+</p>
+
</div>
<div class="footer">
<span class="right"><a href="@jacoco.home.url@">JaCoCo</a> @qualified.bundle.version@</span>
|