Hi all, If I understand the security issue with the default windows run the issue is that the default configuration enables JMX and enables it on every interfaces: is this right?
I think we should try to have a default distribution that can be run without any changes in order to lower the barrier to the causal user. So I think it is better to leave JMX disabled by default (or limited in any way that will allow to run without altering filesystem permissions) instead of asking users to change the permissions. Then, in the config file used to enable JMX we can add a clean explanation/link explaining users what to do in order to enable JMX. WDYT? Stefano --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org
