You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@activemq.apache.org by "Gary Tully (JIRA)" <ji...@apache.org> on 2012/11/02 16:35:12 UTC

[jira] [Comment Edited] (AMQ-4124) Disable sample web application from out of the box broker

    [ https://issues.apache.org/jira/browse/AMQ-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13489485#comment-13489485 ] 

Gary Tully edited comment on AMQ-4124 at 11/2/12 3:34 PM:
----------------------------------------------------------

just a thought on this, it may be better to simply restrict the jetty endpoint to the loopback address by default. So that any vulnerability in the demos or any webapp is not visible by default.
Having the samples enabled out of the box makes for a nice simple intro to messaging and the features of the broker. Once you have localhost access to the machine.

but I agree, they should not be enabled for production. Maybe the loopback address for jetty is a separate issue.
                
      was (Author: gtully):
    just a thought on this, it may be better to simply restrict the jetty endpoint to the loopback address by default. So that any vulnerability in the demos or any webapp is not visible by default.
Having the samples enabled out of the box makes for a nice simple intro to messaging and the features of the broker. Once you have localhost access to the machine.
                  
> Disable sample web application from out of the box broker
> ---------------------------------------------------------
>
>                 Key: AMQ-4124
>                 URL: https://issues.apache.org/jira/browse/AMQ-4124
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker
>    Affects Versions: 5.7.0
>            Reporter: Claus Ibsen
>            Assignee: Claus Ibsen
>            Priority: Minor
>             Fix For: 5.8.0
>
>
> The out of the box broker you can start with bin/activemq includes a sample web application. We should disable this web app as people dont want to run this in the production broker. Instead we should have instructions to startup the broker with a activemq-demo.xml file that has the sample instead.
> See nabble
> http://activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tp4658044.html

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira