[jboss-dev-forums] [Design of Management Features on JBoss] - Common context root for management web apps, web invokers et
csaldanh
do-not-reply at jboss.com
Thu May 29 13:11:51 EDT 2008
This post is with regard to http://jira.jboss.com/jira/browse/JBAS-4388.
Here is the Description:
"In any enterprise environment, administrative interfaces are blocked from the public even if they require a password; administrative interfaces can only be accessed through the internal network or an SSL-secured VPN. This means the load balancer (or whatever) must block out all the possible management/invocation web apps:
/jmx-console
/web-console
/invoker
/jbossmq-httpil
These paths sometimes change between JBoss versions without any significant announcement, plus services are occasionally added. This could easily result in unsecured or poorly secured (basic auth) services exposed to the public.
Please put all JBoss-provided webapps under a base context that can easily be blocked to the public:
/jboss/jmx-console
/jboss/web-console
/jboss/invoker
/jboss/jbossmq-httpil"
I just wanted to know the other developers' views on this request.
Thanks
Clive
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154398#4154398
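Added example (not part of the original post and not JBoss code): a small Python audit of the two layouts in the JIRA description, reporting which management context roots an edge deny list would still let through. The `/new-mgmt-service` context, the `/jboss-shop` application path and all function names are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Deny rules taken from the JIRA description: one rule per web app today,
# versus the single base context the request proposes.
PER_PATH_DENY = ["/jmx-console", "/web-console", "/invoker", "/jbossmq-httpil"]
COMMON_PREFIX_DENY = ["/jboss"]

# Constructed sample: a later release adds one management web app
# (hypothetical name) that nobody added to the load balancer rules.
MGMT_APPS = ["jmx-console", "web-console", "invoker", "jbossmq-httpil",
             "new-mgmt-service"]
CURRENT_LAYOUT = ["/" + app for app in MGMT_APPS]
PROPOSED_LAYOUT = ["/jboss/" + app for app in MGMT_APPS]


def normalize(path):
    """Canonicalize a request path before matching it against deny rules,
    so the rule sees the same path the application server will resolve."""
    decoded = unquote(path.split("?", 1)[0])        # drop query, decode %xx
    return posixpath.normpath("/" + decoded.lstrip("/"))  # collapse //, ., ..


def is_denied(path, deny_roots):
    """True if the path is a denied context root or lies beneath one."""
    p = normalize(path)
    return any(p == d or p.startswith(d + "/") for d in deny_roots)


def exposed(context_roots, deny_roots):
    """Management context roots that the deny list does not cover."""
    return [c for c in context_roots if not is_denied(c, deny_roots)]


if __name__ == "__main__":
    print("per-path rules miss:  ", exposed(CURRENT_LAYOUT, PER_PATH_DENY))
    print("common prefix misses: ", exposed(PROPOSED_LAYOUT, COMMON_PREFIX_DENY))
```

With per-path rules the newly added context is reported as exposed; with the single `/jboss` rule nothing is, and an unrelated application such as `/jboss-shop` is not caught by accident because matching stops at a path-segment boundary.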