activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Tully (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (AMQ-4124) Disable sample web application from out of the box broker
Date Fri, 02 Nov 2012 15:35:12 GMT

    [ https://issues.apache.org/jira/browse/AMQ-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13489485#comment-13489485
] 

Gary Tully edited comment on AMQ-4124 at 11/2/12 3:34 PM:
----------------------------------------------------------

just a thought on this, it may be better to simply restrict the jetty endpoint to the loopback
address by default. So that any vulnerability in the demos or any webapp is not visible by
default.
Having the samples enabled out of the box makes for a nice simple intro to messaging and the
features of the broker. Once you have localhost access to the machine.

but I agree, they should not be enabled for production. Maybe the loopback address for jetty
is a separate issue.
                
      was (Author: gtully):
    just a thought on this, it may be better to simply restrict the jetty endpoint to the
loopback address by default. So that any vulnerability in the demos or any webapp is not visible
by default.
Having the samples enabled out of the box makes for a nice simple intro to messaging and the
features of the broker. Once you have localhost access to the machine.
                  
> Disable sample web application from out of the box broker
> ---------------------------------------------------------
>
>                 Key: AMQ-4124
>                 URL: https://issues.apache.org/jira/browse/AMQ-4124
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker
>    Affects Versions: 5.7.0
>            Reporter: Claus Ibsen
>            Assignee: Claus Ibsen
>            Priority: Minor
>             Fix For: 5.8.0
>
>
> The out of the box broker you can start with bin/activemq includes a sample web application.
We should disable this web app as people dont want to run this in the production broker. Instead
we should have instructions to startup the broker with a activemq-demo.xml file that has the
sample instead.
> See nabble
> http://activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tp4658044.html

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message