5 Replies Latest reply on Jun 28, 2012 11:04 AM by creatureoflegend

    cookieDomain and also how to add new alias w/o restarting

    creatureoflegend

      Hi, all!

       

      I have 2 questions:

       

      1) Is it possible to add new aliases into jboss-web.deployer\server.xml <Host ...> <Alias>sladfjks</Alias> </Host> and have that take effect without restarting JBoss?  We have an application that relies on aliases, and it is also very important that the server stays up as much as possible, so anytime we add a new alias we have to come in at like 5am in the morning to restart the server because that's the time the application is used less often.

      Using JBoss 4.2.2.GA and JBoss 4.2.3.GA

       

      2) While looking through the server.xml I've found the setting "cookieDomain". Based on its description and what I understood by reading http://community.jboss.org/wiki/JBossWebSingleSignOn it sounds like it might be used for naughtiness.  Would someone be able to set their cookie domain to something somewhere on the Internet and thus be able to read the cookies that the other site sets? Let's say you have a site A that is stupid and saves the username and password of its visitors in cookies. Then site B, which has its cookieDomain set to site A, tricks the users into going to it and reads the usernames and passwords stored by site A in its cookies.  Or is this protected against?

      Thanks!!

      Creature