cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Hawkins (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-9085) Bind JMX to localhost unless explicitly configured otherwise
Date Tue, 24 Nov 2015 23:25:11 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-9085?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15025694#comment-15025694
] 

Brian Hawkins commented on CASSANDRA-9085:
------------------------------------------

C* no longer uses phantom references as of what version?  I'm on 2.0.14.

What is wrong with local JMX in production?  The idea was an open jmx port is a security problem
so a local jmx seems like a good solution.  

> Bind JMX to localhost unless explicitly configured otherwise
> ------------------------------------------------------------
>
>                 Key: CASSANDRA-9085
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9085
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Configuration, Observability
>            Reporter: T Jake Luciani
>            Assignee: T Jake Luciani
>            Priority: Critical
>             Fix For: 2.0.14, 2.1.4
>
>
> Cassandra's default JMX config can lead to someone executing arbitrary code:  see http://www.mail-archive.com/user@cassandra.apache.org/msg41819.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message