understand SecureJBoss issue

chen young
Ranch Hand

Joined: Sep 09, 2005
Posts: 188
Hi All,

I just started to work with JBoss so I am not familiar with all security problems.
After finishing the installation I noticed that there are a few security issues (that I am still trying to understand):
SecureJBoss

Can someone please enlighten me further on this subject?
Is it a critical issue?

Thanks
Peter Johnson
author
Bartender

Joined: May 14, 2008
Posts: 5812

When you get JBoss AS and run it, by default it lets you do anything without requiring any credentials (well, not quite, the admin-console in 5.1.0 required login). This state is great for development work because you can do what you need without having to worry about logging in.

However, when you set up a public JBoss AS web site you should secure it as much as possible. If you don't, anyone can go to the jmx-console and shut the app server down, or interrogate and call your web services, or write clients that connect to your messaging queues, or do any number of other things to steal your data or compromise your system.

Note that by default JBoss AS (starting with 4.2.0) binds to localhost only, so in a development environment where you don't use the "-b" option to bind elsewhere, the above security concerns are not an issue.


JBoss In Action
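
The "-b" point in the reply above can be checked mechanically. This is an added example, not code from the thread or from the JBoss project: it audits constructed launch command lines and flags the ones that bind beyond localhost, which is when an unsecured jmx-console becomes reachable by others. The `--host=` long form of "-b", the sample command lines and the function names are assumptions that are not on this page.

```python
import ipaddress
import shlex


def bind_address(cmdline):
    """Return the address passed with -b or --host=, or None when neither is given."""
    args = shlex.split(cmdline)
    addr = None
    for i, arg in enumerate(args):
        if arg == "-b" and i + 1 < len(args):
            addr = args[i + 1]          # "-b ADDR" form mentioned in the thread
        elif arg.startswith("--host="):
            addr = arg.split("=", 1)[1]  # long form (assumption, see lead-in)
    return addr


def is_loopback(addr):
    """True only for localhost or a literal loopback IP (v4 or v6)."""
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        # A hostname cannot be resolved offline; treat it as reachable.
        return False


def audit(cmdline):
    """Classify a launch command line as 'default-local', 'local' or 'exposed'."""
    addr = bind_address(cmdline)
    if addr is None:
        # Per the reply above: 4.2.0 and later bind to localhost by default.
        return "default-local"
    return "local" if is_loopback(addr) else "exposed"


# Constructed sample command lines, not taken from any real host.
SAMPLES = [
    "./run.sh -c default",
    "./run.sh --host=127.0.0.1",
    "./run.sh -b 0.0.0.0",
    "./run.sh -c all -b 192.168.1.10",
    "./run.sh -b appserver.example.com",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{audit(line):14} {line}")
```

An "exposed" result means the server should be secured before it runs that way; "default-local" only holds for JBoss AS 4.2.0 and later.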