cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X

Securing PE Server for Enterprise Prod environment - can I remove "peaxis2"?

MartyRoss
1-Newbie

Securing PE Server for Enterprise Prod environment - can I remove "peaxis2"?

Can anyone tell me if the "peaxis2" application (supporting the "PEWebService") deployed as part of Arbortext PE Server (5.4) is used internally by the PE server?

We're also using a Windchill adapter for storing content, employing Visualization Services CADworkers. I basically want to know if it's "safe" to disable this ("peaxis2") application that appears to have been enabled "out of the box", given that we're not employing custom SOAP apps to interact with PE.

The larger goal is to secure the PE Server in a corporate environment; I'd rather "turn off" any unused entry points rather than securing them.

Looking into this task, it appears there are several applications / services we could remove or disable:

The Tomcat applications:

  1. manager
  2. host-manager
  3. docs
  4. examples

I think I can do that by cleaning out the "webapps" directory and removing the corresponding app .xml files in "conf/Catalina/localhost".

PE apparently also deploys an instance of "axis2" software (as a WAR file from within the "e3" directory) and names it "peaxis2", presumably to support custom interactions with PE via a SOAP interface. This application has an administrator screen whose access credentials are hard coded in cleartext in the "conf/axis2.xml" file inside the WAR file. Yech!

So, any thoughts or experience persuing this goal, and/or with any of the points / thoughts listed above will be appreciated!

Thanks!

0 REPLIES 0
Top Tags