activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher G. Stach II (JIRA)" <j...@apache.org>
Subject [jira] Created: (AMQ-1164) ManagementContext opens insecure server
Date Mon, 19 Feb 2007 19:31:03 GMT
ManagementContext opens insecure server
---------------------------------------

                 Key: AMQ-1164
                 URL: https://issues.apache.org/activemq/browse/AMQ-1164
             Project: ActiveMQ
          Issue Type: Improvement
          Components: Broker
    Affects Versions: 4.1.0
            Reporter: Christopher G. Stach II


The use case is setting up an RMI server on a fixed port (using <amq:managementContext
rmiServerPort="xxx">) in order to pass through a firewall.  This RMI server doesn't honor
the com.sun.mangement.password.file et al environment variables.  Simply guessing the hostname
and port (and the default port being a well known port, meaning "no guesswork at all") is
enough to take full control of AMQ.

Further, but somewhat unrelated, if one sets up a password protected Tiger JMX MBean server,
AMQ can't configure it, giving a read only error message.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message