This week's book giveaway is in the General Computing forum. We're giving away four copies of Arduino in Action and have Martin Evans, Joshua Noble, and Jordan Hochenbaum on-line! See this thread for details.
I just start to work with jobs so I am not familiar with all security problems.
After finish the installation I notice that there are few security issues (that I am still trying to understand):
SecureJBoss
Can someone please enlighten me on this subject furthermore ?
Is it a critical issue ?
When you get JBoss AS and run it, by default it lets you do anything without requiring any credentials (well, not quite, the admin-console in 5.1.0 required login). This state is great for development work because you can do what you need without having to worry about logging in.
However, when you set up a public JBoss AS web site you should secure it as much as possible. If you don't, anyone can go to the the jmx-console and shut the app server down, or interrogate and call your web services, or write clients that connect to your messaging queues, or do any number of other things to steal your data or compromise your system.
Note that by default JBoss AS (starting with 4.2.0) binds to localhost only, so in a development environment where you don't use the "-b" option to bind elsewhere, the above security concerns are not an issue.
0
