[jboss-dev-forums] [Design of Security on JBoss] - Re: AS 4.2.0 binding to localhost
ryan.campbell@jboss.com
do-not-reply at jboss.com
Sun Mar 4 22:30:33 EST 2007
We could address this by only allowing connections to jmx-console from localhost, or any other methods which require configuration on the user's end. At least we could have a chance to have something like this:
******
Before uncommenting this, see http://wiki.jboss.org/SecureJBoss
******
A smarter option would cause JBoss to refuse to listen on anything but localhost with an unsecured JMX console unless you pass the "--unsecure" option.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4024964#4024964
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4024964
More information about the jboss-dev-forums
mailing list