This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I just start to work with jobs so I am not familiar with all security problems.
After finish the installation I notice that there are few security issues (that I am still trying to understand):
Can someone please enlighten me on this subject furthermore ?
Is it a critical issue ?
When you get JBoss AS and run it, by default it lets you do anything without requiring any credentials (well, not quite, the admin-console in 5.1.0 required login). This state is great for development work because you can do what you need without having to worry about logging in.
However, when you set up a public JBoss AS web site you should secure it as much as possible. If you don't, anyone can go to the the jmx-console and shut the app server down, or interrogate and call your web services, or write clients that connect to your messaging queues, or do any number of other things to steal your data or compromise your system.
Note that by default JBoss AS (starting with 4.2.0) binds to localhost only, so in a development environment where you don't use the "-b" option to bind elsewhere, the above security concerns are not an issue.