[jira] [Comment Edited] (AMQ-4124) Disable sample web application from out of the box broker

Fri, 02 Nov 2012 08:35:13 -0700 

    [ 
https://issues.apache.org/jira/browse/AMQ-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13489485#comment-13489485
 ] 

Gary Tully edited comment on AMQ-4124 at 11/2/12 3:34 PM:
----------------------------------------------------------

just a thought on this, it may be better to simply restrict the jetty endpoint 
to the loopback address by default. So that any vulnerability in the demos or 
any webapp is not visible by default.
Having the samples enabled out of the box makes for a nice simple intro to 
messaging and the features of the broker. Once you have localhost access to the 
machine.

but I agree, they should not be enabled for production. Maybe the loopback 
address for jetty is a separate issue.
                
      was (Author: gtully):
    just a thought on this, it may be better to simply restrict the jetty 
endpoint to the loopback address by default. So that any vulnerability in the 
demos or any webapp is not visible by default.
Having the samples enabled out of the box makes for a nice simple intro to 
messaging and the features of the broker. Once you have localhost access to the 
machine.
                  
> Disable sample web application from out of the box broker
> ---------------------------------------------------------
>
>                 Key: AMQ-4124
>                 URL: https://issues.apache.org/jira/browse/AMQ-4124
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker
>    Affects Versions: 5.7.0
>            Reporter: Claus Ibsen
>            Assignee: Claus Ibsen
>            Priority: Minor
>             Fix For: 5.8.0
>
>
> The out of the box broker you can start with bin/activemq includes a sample 
> web application. We should disable this web app as people dont want to run 
> this in the production broker. Instead we should have instructions to startup 
> the broker with a activemq-demo.xml file that has the sample instead.
> See nabble
> http://activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tp4658044.html

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to