You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Semyon Danilov (Jira)" <ji...@apache.org> on 2020/09/23 10:53:00 UTC
[jira] [Created] (IGNITE-13478) Security issue in JMX configuration
using ignite.sh
Semyon Danilov created IGNITE-13478:
---------------------------------------
Summary: Security issue in JMX configuration using ignite.sh
Key: IGNITE-13478
URL: https://issues.apache.org/jira/browse/IGNITE-13478
Project: Ignite
Issue Type: Bug
Components: control.sh
Affects Versions: 2.8.1
Reporter: Semyon Danilov
Assignee: Semyon Danilov
Fix For: 2.9
At the moment we have the following code:
*functions.sh*
{{JMX_PORT=`"$JAVA" -cp "${IGNITE_LIBS}" org.apache.ignite.internal.util.portscanner.GridJmxPortFinder`
#
# This variable defines necessary parameters for JMX
# monitoring and management.
#
# This enables remote unsecure access to JConsole or VisualVM.
#
# ADD YOUR ADDITIONAL PARAMETERS/OPTIONS HERE
#
if [ -n "$JMX_PORT" ]; then
JMX_MON="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${JMX_PORT} \
-Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"}}
So the properties -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false will be set always and there is no way to change them.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)