This content has been marked as final.
Show 3 replies
-
1. Re: Update JBoss to maintain security?
aq12ws Aug 10, 2006 6:58 AM (in response to maraudermuc)Hi ,
Are you talking about securing the JBoss or upgrading ? The out of the box JBoss intallation is not secure . If u expose the jmx-console , your server can be shutdown from the web itself .
If u are talking about security issues like this then i can provide more information on that ,.
Rgds,
Alok -
2. Re: Update JBoss to maintain security?
maraudermuc Aug 11, 2006 3:11 AM (in response to maraudermuc)"aq12ws" wrote:
Hi ,
Are you talking about securing the JBoss or upgrading ?
I intended to ask, if I should upgrade JBoss to the latest "patchlevel" for security reasons.
E.g. It is recommended to upgrade apache 2.0.x to the latest version 2.0.58, because security-holes have been fixed in this version.
Is this also best practice for JBoss - so if I use 3.2.3 should I go for 3.2.8 SP1 to have all known bugs fixed... or are there no security-related fixes in JBoss?"aq12ws" wrote:
The out of the box JBoss intallation is not secure . If u expose the jmx-console , your server can be shutdown from the web itself .
If u are talking about security issues like this then i can provide more information on that ,.
The server has been setup with regard to security a while ago (not from me)... and of course is not fully exposed to the net.
Anyhow - I would be very interested in more information on securing JBoss to double-check our settings and learn from more experienced users...
Thx for the help,
Thorsten -
3. Re: Update JBoss to maintain security?
jyotsna.hcl Aug 11, 2006 6:13 AM (in response to maraudermuc)how to make session beans secure and entity beans insecure in jboss.xml