3 Replies Latest reply on Mar 24, 2009 1:32 PM by Peter Johnson

    Default installations are unsecured

    Ondrej Medek Apprentice




      Just try to google for "jboss jmx management console" or "MBean inspector" and you can hack or shut down a lot of JBoss installations.

      I know that it is the fault of the admins, but there are techniques to prevent it. Maybe colleagues from Red Hat security can advise. Something like:

      - the console is secured and a random password for admin is generated during the installation process (or maybe during the first run of the server? or any time a password is null, a random password is generated?)

      - the console is not configured by default. Instead, localhost:8080 points to a static web page, which tells the user how to start a secured (or unsecured) jmx-console
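
A sketch of the first suggestion above, "any time a password is null, a random password is generated", as an added example that is not part of the original post and is not JBoss code. It assumes a plain `user=password` properties file; the function names, the `WEAK` list and the sample content are hypothetical.

```python
import os
import secrets
import tempfile

# Assumption: values treated as "no password set". "admin" and "changeit" are
# constructed examples of shipped defaults; adjust the set for the real product.
WEAK = {"", "admin", "changeit"}

# Constructed sample of a user=password properties file.
SAMPLE = "# console users\nadmin=\nmonitor=monitor\nops=Xk3-long-unique-value\n"

def harden_users(text, weak=WEAK):
    """Return (new_text, {user: generated_password}) for a properties text."""
    out, generated = [], {}
    for line in text.splitlines():
        stripped = line.strip()
        # Keep blank lines, comments and anything that is not key=value.
        if not stripped or stripped.startswith(("#", "!")) or "=" not in stripped:
            out.append(line)
            continue
        user, _, password = stripped.partition("=")
        user, password = user.strip(), password.strip()
        # Empty, known-default or same-as-username passwords get replaced.
        if password in weak or password == user:
            password = secrets.token_urlsafe(18)  # 24 characters, 144 bits
            generated[user] = password
        out.append(f"{user}={password}")
    return "\n".join(out) + "\n", generated

def harden_file(path):
    """Rewrite path atomically with mode 0600; return generated credentials."""
    with open(path, encoding="utf-8") as fh:
        new_text, generated = harden_users(fh.read())
    if generated:
        directory = os.path.dirname(os.path.abspath(path))
        fd, tmp = tempfile.mkstemp(dir=directory)  # created owner-only
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(new_text)
        os.chmod(tmp, 0o600)
        os.replace(tmp, path)  # readers never see a half-written file
    return generated

if __name__ == "__main__":
    _, creds = harden_users(SAMPLE)
    for user, password in creds.items():
        # Shown once to the installing admin, e.g. on the console at first run.
        print(f"generated password for {user}: {password}")
```

Run at install time or on every server start, this leaves accounts that already have a non-default password untouched, so a second pass changes nothing.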