You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Christopher G. Stach II (JIRA)" <ji...@apache.org> on 2007/02/19 20:31:03 UTC
[jira] Created: (AMQ-1164) ManagementContext opens insecure server
ManagementContext opens insecure server
---------------------------------------
Key: AMQ-1164
URL: https://issues.apache.org/activemq/browse/AMQ-1164
Project: ActiveMQ
Issue Type: Improvement
Components: Broker
Affects Versions: 4.1.0
Reporter: Christopher G. Stach II
The use case is setting up an RMI server on a fixed port (using <amq:managementContext rmiServerPort="xxx">) in order to pass through a firewall. This RMI server doesn't honor the com.sun.mangement.password.file et al environment variables. Simply guessing the hostname and port (and the default port being a well known port, meaning "no guesswork at all") is enough to take full control of AMQ.
Further, but somewhat unrelated, if one sets up a password protected Tiger JMX MBean server, AMQ can't configure it, giving a read only error message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQ-1164) ManagementContext opens insecure server
Posted by "Bruce Snyder (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bruce Snyder updated AMQ-1164:
------------------------------
Component/s: (was: Broker)
JMX
Fix Version/s: (was: AGING_TO_DIE)
NEED_REVIEWED
> ManagementContext opens insecure server
> ---------------------------------------
>
> Key: AMQ-1164
> URL: https://issues.apache.org/activemq/browse/AMQ-1164
> Project: ActiveMQ
> Issue Type: Improvement
> Components: JMX
> Affects Versions: 4.1.0
> Reporter: Christopher G. Stach II
> Fix For: NEED_REVIEWED
>
>
> The use case is setting up an RMI server on a fixed port (using <amq:managementContext rmiServerPort="xxx">) in order to pass through a firewall. This RMI server doesn't honor the com.sun.mangement.password.file et al environment variables. Simply guessing the hostname and port (and the default port being a well known port, meaning "no guesswork at all") is enough to take full control of AMQ.
> Further, but somewhat unrelated, if one sets up a password protected Tiger JMX MBean server, AMQ can't configure it, giving a read only error message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQ-1164) ManagementContext opens insecure server
Posted by "Gary Tully (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-1164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary Tully updated AMQ-1164:
----------------------------
Fix Version/s: 5.3.0
(was: 5.2.0)
> ManagementContext opens insecure server
> ---------------------------------------
>
> Key: AMQ-1164
> URL: https://issues.apache.org/activemq/browse/AMQ-1164
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Broker
> Affects Versions: 4.1.0
> Reporter: Christopher G. Stach II
> Fix For: 5.3.0
>
>
> The use case is setting up an RMI server on a fixed port (using <amq:managementContext rmiServerPort="xxx">) in order to pass through a firewall. This RMI server doesn't honor the com.sun.mangement.password.file et al environment variables. Simply guessing the hostname and port (and the default port being a well known port, meaning "no guesswork at all") is enough to take full control of AMQ.
> Further, but somewhat unrelated, if one sets up a password protected Tiger JMX MBean server, AMQ can't configure it, giving a read only error message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.