Hi,
I don't know if java or windows is to blame for the jmx.password stuff,
but if we leave it as now, users will blame james...
I'm with Stefano on the need to have a working james without changing
anything.
The idea was to replace the remotemanager with a command line tool
('james adduser...',...) that would access jmx .
If we disable jmx, the cli commands will not work.
I googled a bit to find a workaround, but they all say to change file
permission.
I also looked at SSL security
(http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html#SSL_enabled),
but I don't get it completely, especially the SSL authentication.
I see for now 3 options:
1.- Disable jmx -> Oblige user to change spring-beans.xml to enable it,
no cli management.
2.- Enable jmx wide-open (no username/pwd) -> not really secured for a
professional solution
3.- Enable jmx with username/pwd -> we know the consequences.
Option 2 may be the less bad (more user friendly) and we could stress on
doc to enable username/pwd.
Tks,
Eric
On 2/11/2010 19:50, Stefano Bagnara wrote:
Hi all,
If I understand the security issue with the default windows run the
issue is that the default configuration enables JMX and enables it on
every interfaces: is this right?
I think we should try to have a default distribution that can be run
without any changes in order to lower the barrier to the causal user.
So I think it is better to leave JMX disabled by default (or limited
in any way that will allow to run without altering filesystem
permissions) instead of asking users to change the permissions.
Then, in the config file used to enable JMX we can add a clean
explanation/link explaining users what to do in order to enable JMX.
WDYT?
Stefano
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
