I was reading about JBoss security today, and came across the following page:
JBoss Security vulnerability JMX Management Console. The guy tells how common is to come across servers on the Internet that run completely unsecured JMX-Console.

I gave it a try, typed few keywords in Google, and voilà -
around one third of the Google results on the first page were links to various servers that run completely unsecured JBoss and JMX-console. Having said that, I would like to point out that I did not attempt anything naughty or malicious.

Its still amazes me how careless some people are - leaving an open door for anyone to come in. Come on people, surely in this day and age we all know how important is to keep web applications secured. Don't be lazy, its not going to take much of your time since securing JMX-console its such a trivial task.

Related Posts
Drools - tutorial on writing DSL template
Drools - Stop executing current agenda group and all rules
Using template to deploy a JBoss queue
JBoss Clustering - HASingleton service
Drools - working with Stateless session
JBoss Clustering - How many nodes in the cluster?
JBoss Clustering - Shared state across cluster partition
JBoss Clustering Architecture - Distributed Replicant Manager

If you like this post, then consider subscribing to the full feed RSS.