Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

understand SecureJBoss issue

 
chen young
Ranch Hand
Posts: 197
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I just start to work with jobs so I am not familiar with all security problems.
After finish the installation I notice that there are few security issues (that I am still trying to understand):
SecureJBoss

Can someone please enlighten me on this subject furthermore ?
Is it a critical issue ?

Thanks
 
Peter Johnson
author
Bartender
Posts: 5852
7
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you get JBoss AS and run it, by default it lets you do anything without requiring any credentials (well, not quite, the admin-console in 5.1.0 required login). This state is great for development work because you can do what you need without having to worry about logging in.

However, when you set up a public JBoss AS web site you should secure it as much as possible. If you don't, anyone can go to the the jmx-console and shut the app server down, or interrogate and call your web services, or write clients that connect to your messaging queues, or do any number of other things to steal your data or compromise your system.

Note that by default JBoss AS (starting with 4.2.0) binds to localhost only, so in a development environment where you don't use the "-b" option to bind elsewhere, the above security concerns are not an issue.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic