Isn't there a simple way to disallow all EJB access from any machine other than localhost? No way to limit connections from certain IP addresses?
Securing a web app is easy enough. I'm still figuring out how to secure the EJB.
Thanks -
matt
How about using only local interfaces for your ejbs - so only the local running server can access them