This post is with regard to
http://jira.jboss.com/jira/browse/JBAS-4388.
Here is the Description:
"In any enterprise environment, administrative interfaces are blocked from the public
even if they require a password; administrative interfaces can only be accessed through
the internal network or an SSL-secured VPN. This means the load balancer (or whatever) must
block out all the possible management/invocation web apps:
/jmx-console
/web-console
/invoker
/jbossmq-httpil
These paths sometimes change between JBoss versions without any significant announcement,
plus services are occasionally added. This could easily result in unsecured or poorly
secured (basic auth) services exposed to the public.
Please put all JBoss-provided webapps under a base context that can easily be blocked to
the public:
/jboss/jmx-console
/jboss/web-console
/jboss/invoker
/jboss/jbossmq-httpil"
I just wanted to know the other developers' views on this request.
Thanks
Clive
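The log audit below is an added example, not part of the original post or of JBoss: it scans Common Log Format access-log lines for requests to the contexts listed in the description that came from outside the internal network and were not blocked. The internal ranges, the 403/404 block statuses, the function names and the sample log lines are assumptions constructed for illustration; passing `contexts=("/jboss",)` runs the same check against the single base context the request proposes.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Management contexts listed in the JBAS-4388 description.
ADMIN_CONTEXTS = ("/jmx-console", "/web-console", "/invoker", "/jbossmq-httpil")
# Assumptions: internal/VPN ranges, and the statuses the load balancer uses to block.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
BLOCKED_STATUSES = {403, 404}
# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Canonical path: no query, no ;params, percent-decoded, dot-segments collapsed."""
    path = target.split("?", 1)[0]
    segs = [unquote(s.split(";", 1)[0]) for s in path.split("/")]
    # Lower-cased so that differently-cased spellings are still flagged.
    return posixpath.normpath("/" + "/".join(segs).lstrip("/")).lower()

def is_admin(path, contexts=ADMIN_CONTEXTS):
    return any(path == c or path.startswith(c + "/") for c in contexts)

def is_external(client):
    try:
        return not any(ipaddress.ip_address(client) in n for n in INTERNAL_NETS)
    except ValueError:  # hostname in the client field: treat as external
        return True

def find_exposures(lines, contexts=ADMIN_CONTEXTS):
    """Return (client, path, status) for external requests that were not blocked."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, path, status = m.group(1), normalize(m.group(2)), int(m.group(3))
        if is_external(client) and is_admin(path, contexts) and status not in BLOCKED_STATUSES:
            hits.append((client, path, status))
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2007:10:00:01 +0000] "GET /jmx-console/ HTTP/1.1" 401 951',
    '10.1.2.3 - - [10/Apr/2007:10:00:02 +0000] "GET /jmx-console/HtmlAdaptor HTTP/1.1" 200 5120',
    '198.51.100.20 - - [10/Apr/2007:10:00:03 +0000] "GET /shop/../web-console/;jsessionid=AB12 HTTP/1.1" 200 2048',
    '198.51.100.20 - - [10/Apr/2007:10:00:04 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 403 0',
    '203.0.113.7 - - [10/Apr/2007:10:00:05 +0000] "GET /jboss/jmx-console/ HTTP/1.1" 200 951',
]
```

A 401 counts as a hit here because it shows the request reached a basic-auth protected service rather than being stopped at the load balancer.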