gump-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Rall <>
Subject Re: (on moof?)
Date Sat, 22 Nov 2003 00:55:56 GMT
Stefano Mazzocchi wrote:
> On 12 Nov 2003, at 07:18, Sam Ruby wrote:
>> Chris Pepper wrote:
>>> At 2:21 PM +0100 2003/11/08, Stefano Mazzocchi wrote:
>>>> On 7 Nov 2003, at 21:11, Sam Ruby wrote:
>>>>> It is worth noting that gump will run a number of tests, so from 
>>>>> time to time you will find projects have tests that use well known 
>>>>> ports (like 8080).
>>>> ouch. we plan to be running servlets on moof, that's for sure and 
>>>> 8080 is very likely to be already used on that machine (even if we 
>>>> can install the servlet engine in some other port, since it's going 
>>>> to be proxypassed anyway)
>>>     This shouldn't be too bad -- the built-in ipfw is quite capable 
>>> of blocking 8080; just make sure there's already a listener on any 
>>> open ports before starting gump, and attempts to listen on such ports 
>>> (by gump processes) should generate an error rather than a security 
>>> hole. Not that I've tested this theory...
>>>     "sudo ipfw list".
>> Generating an error would result in a test failing which would result 
>> in emails sent to developers indicating that there is a bug which 
>> needs to be addressed... in general, this is not the desired behavior.
> Exactly. This is my concern as well, not security (we'll firewall port 
> 8080 anyway... hosting servlets straight from a pure java servlet engine 
> is foolish)

Would configuring an additional aliased network interface be helpful here?  For 
instance, bind any running Tomcat to a high port on the public network interface 
(e.g. eth0), and provide an alias (e.g. eth0:0) with a private IP address or the 
loopback interface for use by the test cases.  Or do these tests cases always 
try and bind to port 8080 on all interfaces?

View raw message