Archive for the 'ArcGIS Server development' Category

(re-)Building the ArcGIS Geoportal Extension

The ArcGIS Geoportal Extension (GPE) comes as a bunch of web applications, packaged as .war files, executables and scripts. Depending on your requirements you will want to install and/or use a subset of these. Also you will want to customize the look and feel of the portal website. Continue reading ‘(re-)Building the ArcGIS Geoportal Extension’

Creating a Java ArcGIS Server Object Extension to access metadata through a mapservice

So with this cool Server Extension technology being possible with ArcGIS server java ed. 9.3.1 and me finally having time to have a play with it I decided on doing something useful; getting at the metadata of the data within a mapservice. Continue reading ‘Creating a Java ArcGIS Server Object Extension to access metadata through a mapservice’

ArcGIS Server java ed. exposes tomcat manager webapp with well know user credentials

This article concerns the ESRI ArcGIS Server java ed. versions 9.3 and 9.3.1 and possibly others.

ArcGIS Server 9.3sp1 and 9.3.1 expose the Tomcat html manager application; this in itself is not a bad thing if the user would be aware of the consequences and if the credentials which would be necessary to obtain access were not public knowledge [KB 37134 , KB 37147].
Neither of these conditions are met, causing a situation where the management of the built-in tomcat servers is open for anyone interested; you cannot get an easier way to launch a DoS attack. Essentially this makes the product unfit for deployment in the enterprise. Continue reading ‘ArcGIS Server java ed. exposes tomcat manager webapp with well know user credentials’


Join 58 other followers

GISpunt logo

GISpunt logo (small)

tweets


%d bloggers like this: