Hi, We are writing a java program which keeps a password in memory. Unfortunately, the user can easily use jconsole or jmap to create a heap dump file and open it to find the password. I think jconsole connects jvm using local sockets. I wanna know, is there any way to disable jmx even for local users? Is there any way to totally disable heap dumps? As the user have access to the memory segment, this is possible to access the password anyway. However, I wanna disable standards ways of doing that to make the action as expensive as possible.
+1
A:
The locally-monitorable JMX agent is enabled by default. To disable it, set the system property "com.sun.management.jmxremote" to false
http://java.sun.com/j2se/1.5.0/docs/guide/management/agent.html#properties
skaffman
2009-08-10 14:00:51
I've tested it, but it doesn't work! Even, I'm seeing -Dcom.sun.management.jmxremote=false in jconsole "VM Summery" tab as a VM Argument!
2009-08-10 14:34:57
A:
Finally, I found a solution for disabling jconsole connections. It also prevents jmap to create a dump file. I found the solution here. I also quote the answer here:
You can prevent tools such as jconsole and others from connecting by running with the -XX:+DisableAttachMechanism option. Note that this option is not documented/supported but should do what you want. That said, even with this there is nothing to stop you connect gdb or other debugging/proc based programs
However, that is obvious the memory segment could be accessed locally. But, does anyone knows a tool to make standard memory dumps with direct access to the memory?