When you define a JDBC connection pool in Glassfish (AKA Sun Java System Application Server 9) and JDBC resources for it, you usually include a user name and password as pool properties.  You may think that this information is available only to deployed applications, but in fact anyone with IP access to the servers ORB port (3700 by default) can fetch the entire datasource definition using a simple JNDI lookup. If the database server is also accessible, then you have a security problem.

If you have a QNAP you may want to run some scripts regularly. Editing the crontab seems to work but your changes don't survive a reboot. There is however a fairly simple solution:

During boot, the QNAP will mount the partition /dev/mtdblock5 in /tmp/config and execute the file autorun.sh in this directory, if it exists. The following steps show you how to create the file with the commands necessary to add a crontab entry:

First, mount the partition, cd into the config directory and edit or create the autorun.sh file:

Boiling an egg is easy. Boiling the perfect egg however, requires extensive research. After many months of boiling, testing and statistics gathering I've concluded the following:

OK, you have created a great web application and now you want to expose it to the world, or perhaps a limited subset of it. You probably don't want to allow full access to your application server so you need a proxy.

The apache proxy module (mod_proxy) can be used with a simple configuration like below:

<IfModule mod_proxy.c>