[
https://issues.apache.org/jira/browse/AMQ-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13489485#comment-13489485
]
Gary Tully commented on AMQ-4124:
---------------------------------
just a thought on this, it may be better to simply restrict the jetty endpoint
to the loopback address by default. So that any vulnerability in the demos or
any webapp is not visible by default.
Having the samples enabled out of the box makes for a nice simple intro to
messaging and the features of the broker. Once you have localhost access to the
machine.
> Disable sample web application from out of the box broker
> ---------------------------------------------------------
>
> Key: AMQ-4124
> URL: https://issues.apache.org/jira/browse/AMQ-4124
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Broker
> Affects Versions: 5.7.0
> Reporter: Claus Ibsen
> Assignee: Claus Ibsen
> Priority: Minor
> Fix For: 5.8.0
>
>
> The out of the box broker you can start with bin/activemq includes a sample
> web application. We should disable this web app as people dont want to run
> this in the production broker. Instead we should have instructions to startup
> the broker with a activemq-demo.xml file that has the sample instead.
> See nabble
> http://activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tp4658044.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
