With understanding of secure Internet connections limited to SSL, I'm doubtful about the security of GlassFish Admin console. Normal secure HTTP connections use http**s**://domain/ URLs but in GlassFish http://domain:4848/ is used to login to Admin console. Is there some kind of encryption going on between the browser and the server when using that administration port, or does all that communication go unsecurely, naked to possible hackers?
GlassFish documentation guide how to use the Admin console but I haven't found any mention about this security concern.