-
1. Re: Security issues
juha Sep 7, 2002 5:35 AM (in response to czajnik)You need to secure the jmx-console web app.
-
2. Re: Security issues
czajnik Sep 7, 2002 6:33 AM (in response to czajnik)Thanks, I'll try to figure it out.
However, shutdown.sh uses org.jboss.Shutdown class and I can't see any posibility to pass any credentials in Shutdown.java.
I guess, after securing JMX shutdown.sh script will stop working as well. -
3. Re: Security issues
juha Sep 10, 2002 8:54 AM (in response to czajnik)shutdown probably uses rmi connector to contact jmx mbean server (i haven't looked, you should check the code)
I don't know if there's a way currently to secure the jboss rmi connector. if there isn't you probably want to remove this service (html console will still keep on working) -
4. Re: Security issues
rruss Jan 8, 2003 12:44 AM (in response to czajnik)In looking at the code (v3.0.4), the Shutdown class uses the jmx-console web application to perform the shutdown. The only two parameters that it currently accepts are host and port. So, I believe you are correct in stating that shutdown.sh will stop working once you have secured the jmx-console web application.
I think it would be trivial to modify Shutdown.java to accept two new parameters for username and password. However, this would only work if jmx-console was protected with basic authentication (username/password) as opposed to something like client side certificates.