activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bruce Snyder (JIRA)" <>
Subject [jira] Updated: (AMQ-1164) ManagementContext opens insecure server
Date Fri, 20 Nov 2009 20:25:52 GMT


Bruce Snyder updated AMQ-1164:

      Component/s:     (was: Broker)
    Fix Version/s:     (was: AGING_TO_DIE)

> ManagementContext opens insecure server
> ---------------------------------------
>                 Key: AMQ-1164
>                 URL:
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: JMX
>    Affects Versions: 4.1.0
>            Reporter: Christopher G. Stach II
>             Fix For: NEED_REVIEWED
> The use case is setting up an RMI server on a fixed port (using <amq:managementContext
rmiServerPort="xxx">) in order to pass through a firewall.  This RMI server doesn't honor
the com.sun.mangement.password.file et al environment variables.  Simply guessing the hostname
and port (and the default port being a well known port, meaning "no guesswork at all") is
enough to take full control of AMQ.
> Further, but somewhat unrelated, if one sets up a password protected Tiger JMX MBean
server, AMQ can't configure it, giving a read only error message.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message