You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Matt Hogstrom (JIRA)" <ji...@apache.org> on 2006/11/17 06:47:41 UTC
[jira] Updated: (GERONIMO-1394) JMX Debug Console should require
admin-level authentication
[ http://issues.apache.org/jira/browse/GERONIMO-1394?page=all ]
Matt Hogstrom updated GERONIMO-1394:
------------------------------------
Fix Version/s: Wish List
(was: 1.2)
> JMX Debug Console should require admin-level authentication
> -----------------------------------------------------------
>
> Key: GERONIMO-1394
> URL: http://issues.apache.org/jira/browse/GERONIMO-1394
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: management
> Affects Versions: 1.0
> Environment: 1.0 RC
> Reporter: Kevan Miller
> Fix For: Wish List
>
>
> The debug console does not require user authentication. Since MBean attributes can provide configuration and security information about a server that should not be public knowledge, by default, the debug console should require admin-level authentication.
> I didn't see anything too sensitive in my sampling of MBean attributes... Whoops, I spoke too soon. Here are the attributes for the DirectoryService (note the credentials attribute)...
> ObjectName: geronimo.server:name=DirectoryService
> ClassName: org.apache.geronimo.directory.DirectoryGBean
> State: running
> Attributes
> Name Value
> anonymousAccess true
> configFile (null)
> enableNetworking true
> host 0.0.0.0
> port 1389
> providerURL ou=system
> securityAuthentication simple
> securityCredentials secret
> securityPrincipal uid=admin,ou=system
> workingDir (null)
> There's been talk of incorporating debug console into the admin console -- which i would support and would presumably address the problem... However, in the meantime, we may want/need to nail down the current debug console...
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira