JBoss Enterprise Application Platform 4 and 5 / JBPAPP-2211

Profile Service can be accessed without authenticating

Details

    • Bug
    • Resolution: Done
    • Blocker
    • EAP 5.0.0.CR3
    • EAP 5.0.0.BETA
    • Security
    • JBAS r90750, EAP5 branch

    Description

      The Profile Service can be accessed remotely via the non-EJB interface, which doesn't require authentication. This remote interface should be disabled in EAP. Here's a client that demonstrates using the unsecure interface:

      https://svn.jboss.org/repos/jopr/trunk/etc/jbas5-jnp-client/

      See also: http://www.jboss.org/community/wiki/RemoteAccesstoProfileService

          People

            starksm64 Scott Stark (Inactive)
            ips_jira Ian Springer (Inactive)