[jboss-dev-forums] [Design of Security on JBoss] - Re: AS 4.2.0 binding to localhost

scott.stark@jboss.org do-not-reply at jboss.com
Sun Mar 4 23:39:46 EST 2007


The point of the change was to not be the source of the unsecure, globally available access. We were getting security exploit postings over this issue. Logging a message is not effective either.

Inconvenience is the point. If you're trying to access the server remotely, then you have to change something and the release notes document why localhost is the default. It was argued that it would be more inconvenient to completely disallow access to the jmx console by configuring it to only configure users without valid permissions to access the consoles. The argument for localhost was that testsuites would not be broken, as well as allowing the typical localhost deployments used by developers.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4024969#4024969
