You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@activemq.apache.org by "Timothy Bish (Closed) (JIRA)" <ji...@apache.org> on 2012/02/17 21:42:57 UTC

[jira] [Closed] (AMQ-1164) ManagementContext opens insecure server

     [ https://issues.apache.org/jira/browse/AMQ-1164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Timothy Bish closed AMQ-1164.
-----------------------------

    Resolution: Not A Problem

See the ActiveMQ docs for information on securing the JMXConnector: http://activemq.apache.org/jmx.html
                
> ManagementContext opens insecure server
> ---------------------------------------
>
>                 Key: AMQ-1164
>                 URL: https://issues.apache.org/jira/browse/AMQ-1164
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: JMX
>    Affects Versions: 4.1.0
>            Reporter: Christopher G. Stach II
>             Fix For: NEEDS_REVIEWED
>
>
> The use case is setting up an RMI server on a fixed port (using <amq:managementContext rmiServerPort="xxx">) in order to pass through a firewall.  This RMI server doesn't honor the com.sun.mangement.password.file et al environment variables.  Simply guessing the hostname and port (and the default port being a well known port, meaning "no guesswork at all") is enough to take full control of AMQ.
> Further, but somewhat unrelated, if one sets up a password protected Tiger JMX MBean server, AMQ can't configure it, giving a read only error message.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira