JBoss Security – JMX Console

I was reading about JBoss security today, and came across the following page: JBoss Security vulnerability JMX Management Console. The guy tells how common it is to come across servers on the Internet that run a completely unsecured JMX-Console.

I gave it a try, typed a few keywords into Google, and voilà - around one third of the Google results on the first page were links to various servers that run completely unsecured JBoss and JMX-console. Having said that, I would like to point out that I did not attempt anything naughty or malicious.

It still amazes me how careless some people are – leaving an open door for anyone to come in. Come on people, surely in this day and age we all know how important it is to keep web applications secured. Don’t be lazy, it's not going to take much of your time, since securing the JMX-console is such a trivial task.
