3 Replies Latest reply on Nov 19, 2003 4:24 AM by Juha Lindfors

    web-console authentification

    Raphael M. Grochtmann Newbie

      Hi,

      why is it that neither the web-console (nor the jmx-console) are
      behind a username/password authentification and thus a JBoss
      appserver is open for beeing managed (attacked) from outside
      by default? Would'nt it be better to have it the other way around?

      How can I secure the web-console? I did it for the jmx-console
      but since the web-console comes in a single war file it's a little
      bit more work (which I would have to do for a list of JBoss servers
      in our environment). Is there an easier way than unpacking,
      securing and repacking it?

      Regards,
      Raphael