  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-2948

Document in the release notes that deploy/jmx-remoting.sar cannot be secured


    • Task
    • Resolution: Done
    • Blocker
    • EAP 5.0.0
    • EAP 5.0.0.CR4 (FCS and BETA2)
    • Documentation
    • None
    • Release Notes

      It seems the deploy/jmx-remoting.sar service, which instantiates a jsr-160 adapter for remote access to the jboss mbeanserver for use with tools such as the jconsole that comes with Sun's JDK, doesn't allow this access to be secured.

      So although the service binds by default to localhost, in production environments where the server will bind to a specific address, access through this jsr160 adapter becomes a security risk. In those cases the adapter should be disabled by undeploying/moving the whole deploy/jmx-remoting.sar directory.

              dandread1@redhat.com Dimitrios Andreadis
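
The mitigation described in the issue, as an added example that is not part of the original report or of JBoss's own tooling: shell functions that list which server profiles still deploy jmx-remoting.sar and move it out of deploy/. The `server/<profile>/deploy` layout and the `undeployed` directory name are assumptions; the issue itself only names deploy/jmx-remoting.sar.

```shell
#!/bin/sh
# Assumed layout: <jboss_home>/server/<profile>/deploy/jmx-remoting.sar
# Usage (path is a constructed example):
#   list_jmx_remoting /opt/jboss-eap/jboss-as
#   disable_all       /opt/jboss-eap/jboss-as

# Print the name of every profile that still deploys the JSR-160 adapter.
list_jmx_remoting() {
    for hit in "$1"/server/*/deploy/jmx-remoting.sar; do
        [ -e "$hit" ] || continue                 # glob matched nothing
        hit_profile=${hit%/deploy/jmx-remoting.sar}
        printf '%s\n' "${hit_profile##*/}"
    done
}

# Move the SAR out of deploy/ for one profile directory.
# The target sits beside deploy/, not inside it, so the deployment
# scanner cannot pick the service up again.
disable_jmx_remoting() {
    target_sar="$1/deploy/jmx-remoting.sar"
    parked="$1/undeployed"                        # hypothetical directory name
    [ -e "$target_sar" ] || return 0              # already absent
    if [ -e "$parked/jmx-remoting.sar" ]; then
        echo "refusing to overwrite $parked/jmx-remoting.sar" >&2
        return 1
    fi
    mkdir -p "$parked" && mv "$target_sar" "$parked/"
}

# Disable the adapter in every profile; non-zero if any move failed.
disable_all() {
    rc=0
    for found in "$1"/server/*/deploy/jmx-remoting.sar; do
        [ -e "$found" ] || continue
        disable_jmx_remoting "${found%/deploy/jmx-remoting.sar}" || rc=1
    done
    return "$rc"
}
```

Run `list_jmx_remoting` again after `disable_all`; empty output means no profile exposes the adapter any more.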