1 Reply Latest reply on Dec 3, 2012 8:17 AM by adinn

    using byteman in production with listener can it be done securely?

    msulliv1

      Hi,

      I've been using byteman in development and it seems it would also be valuable in production on demand without restarting.

      Byteman's listener option is attractive. Is there a way to secure the port by a password or some other manner?

       

      I would also be interested in others' experience with using byteman in production in a secure manner.

       

      Thanks

        • 1. Re: using byteman in production with listener can it be done securely?
          adinn

          Hi Mike

          Mike Sullivan wrote:

           

          I've been using byteman in development and it seems it would also be valuable in production on demand without restarting.

          Byteman's listener option is attractive. Is there a way to secure the port by a password or some other manner?

           

          Note that by default Byteman employs address localhost (which normally translates to the loopback address 127.0.0.1) and socket 9090. That should be enough for most purposes when it comes to securing the machine since only those who may legitimately log in to the machine can open a client connection.

           

          A solution more suited for a public server setup would be one where you have two network interfaces on the server, one providing the public facing address employed for service requests and the other providing a private address used to handle sysadmin management requests. The Byteman agent can be configured at install time to open the listener socket on a private interface port. As an additional security measure, a firewall can be installed to ensure that access to that port is available only to trusted hosts.

           

          Mike Sullivan wrote:

           

          I would also be interested in others' experience with using byteman in production in a secure manner

           

          There have been several occasions when JBoss's support and consultancy teams have asked our EAP and SOA customers to install Byteman in live deployments. Obviously, it is preferable to debug problems in a test system, but in some cases problems only arise intermittently under live running. In such cases Byteman is an invaluable tool for identifying what is wrong.
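
An added example, not part of the thread or of Byteman itself: a small audit that reads a JVM command line and reports which interface the Byteman listener would bind to, following the loopback / private interface / firewall distinction in the reply above. It assumes the agent option syntax `listener:true,address:<host>,port:<port>`; the sample command lines, paths, addresses and verdict labels are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample JVM command lines; jar path and addresses are placeholders.
JAR = "-javaagent:/opt/byteman/lib/byteman.jar"
SAMPLES = {
    "default": f"java {JAR}=listener:true -jar app.jar",
    "private": f"java {JAR}=listener:true,address:10.0.5.12,port:9999 -jar app.jar",
    "wildcard": f"java {JAR}=listener:true,address:0.0.0.0 -jar app.jar",
    "no_listener": f"java {JAR}=script:/opt/rules/trace.btm -jar app.jar",
}

# Matches a -javaagent argument whose jar name contains "byteman" and
# captures the comma-separated option string after "=" (if any).
AGENT_RE = re.compile(r"-javaagent:[^=\s]*byteman[^=\s]*\.jar(?:=(\S*))?")


def audit_listener(cmdline):
    """Return (verdict, address) for the Byteman listener on one command line."""
    m = AGENT_RE.search(cmdline)
    if not m:
        return ("no-agent", None)
    opts = {}
    for item in (m.group(1) or "").split(","):
        key, sep, value = item.partition(":")  # split on first ':' only
        if sep:
            opts[key] = value
    # Conservative: an explicit address or port is treated as enabling
    # the listener even without listener:true.
    if not (opts.get("listener") == "true" or "address" in opts or "port" in opts):
        return ("listener-off", None)
    addr = opts.get("address", "localhost")  # default per the reply above
    if addr == "localhost":
        return ("loopback", addr)
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return ("review-hostname", addr)  # a name: resolve and check by hand
    if ip.is_loopback:
        return ("loopback", addr)
    if ip.is_unspecified:
        return ("exposed-all-interfaces", addr)
    if ip.is_private:
        return ("private-needs-firewall", addr)
    return ("exposed-public", addr)


if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(name, audit_listener(cmd))
```

A `private-needs-firewall` verdict corresponds to the two-interface setup described in the reply: the bind address is acceptable only if a firewall also limits the port to trusted hosts.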