I was reading about JBoss security today, and came across the following page:
JBoss Security vulnerability JMX Management Console. The guy tells how common is to come across servers on the Internet that run completely unsecured JMX-Console.
I gave it a try, typed few keywords in Google, and voilà -
around one third of the Google results on the first page were links to various servers that run completely unsecured JBoss and JMX-console. Having said that, I would like to point out that I did not attempt anything naughty or malicious.
Its still amazes me how careless some people are – leaving an open door for anyone to come in. Come on people, surely in this day and age we all know how important is to keep web applications secured. Don’t be lazy, its not going to take much of your time since securing JMX-console its such a trivial task.
loading...
Related posts:
- Using Template to Deploy a JBoss Queue
Currently I am involved in a project, where I have to use Velocity template engine to deploy queues and message-driven beans to JBoss.... - Drools – Working with Stateless Session
Drools (now it is also called JBoss Rules) is an amazing open source framework which allows you to create business rules management system... - JBoss Clustering – How Many Nodes in the Cluster?
If you want to know how many nodes there are in the current cluster partition, all you have to do is to ask... - Drools – Stop Executing Current Agenda Group and All Rules
Sometimes, depends on your business rules in your application, there is a need to stop current agenda group or all rules from continuing... - Drools – Tutorial on Writing DSL Template
Few months ago I wrote a post that describes an example that uses source DRL in conjunction with DSL template. In the current...
