We had some problems with hackers hacking our
JBoss, so I had to secure our HttpInvokers in JBoss 4.2.3 (EJBInvokerServlet and JMXInvokerServlet).
I changed the jboss-configuration and after that I changed the calling code (to supply a username and password).
My question now is:
In all examples I see on the internet, about adding security to JBoss, the username and password are hardcoded in the code.
Our client-code (which also needs these credentials) is open for download, so a smart hacker is able to download the code, decompile the classes and see the password.
Is there a way to make this secure?