ActiveMQ
  1. ActiveMQ
  2. AMQ-1164

ManagementContext opens insecure server

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Not a Problem
    • Affects Version/s: 4.1.0
    • Fix Version/s: NEEDS_REVIEW
    • Component/s: JMX
    • Labels:
      None

      Description

      The use case is setting up an RMI server on a fixed port (using <amq:managementContext rmiServerPort="xxx">) in order to pass through a firewall. This RMI server doesn't honor the com.sun.mangement.password.file et al environment variables. Simply guessing the hostname and port (and the default port being a well known port, meaning "no guesswork at all") is enough to take full control of AMQ.

      Further, but somewhat unrelated, if one sets up a password protected Tiger JMX MBean server, AMQ can't configure it, giving a read only error message.

        Activity

          People

          • Assignee:
            Unassigned
            Reporter:
            Christopher G. Stach II
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development