[jboss-user] [Installation, Configuration & Deployment] - Re: Update JBoss to maintain security?
MarauderMUC
do-not-reply at jboss.com
Fri Aug 11 03:11:57 EDT 2006
"aq12ws" wrote : Hi ,
| Are you talking about securing the JBoss or upgrading ?
|
I intended to ask, if I should upgrade JBoss to the latest "patchlevel" for security reasons.
E.g. It is recommended to upgrade apache 2.0.x to the latest version 2.0.58, because security-holes have been fixed in this version.
Is this also best practice for JBoss - so if I use 3.2.3 should I go for 3.2.8 SP1 to have all known bugs fixed... or are there no security-related fixes in JBoss?
"aq12ws" wrote :
| The out of the box JBoss intallation is not secure . If u expose the jmx-console , your server can be shutdown from the web itself .
| If u are talking about security issues like this then i can provide more information on that ,.
|
The server has been setup with regard to security a while ago (not from me)... and of course is not fully exposed to the net.
Anyhow - I would be very interested in more information on securing JBoss to double-check our settings and learn from more experienced users...
Thx for the help,
Thorsten
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3964541#3964541
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3964541
More information about the jboss-user
mailing list