[WEB SECURITY] JBOSS JMX-Console HTTP Basic Authentication

RDX Guy rdx.guy at gmail.com
Thu Feb 13 14:41:22 EST 2014


If a JBOSS server is using HTTP Basic Authentication to access its
jmx-console, how safe it is?

If the above JBOSS is configured in a way, that it supports only HTTPS, how
safe HTTP Basic Authentication is?

If the above jboss is configured in a way that it uses HTTPS to access
jmx-console on one port e.g. 21017 BUT then there is another port 21018 on
which jmx-console is available on HTTP and using the same user-credentials
for HTTP Basic Authentication? How safe that is?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20140214/78861719/attachment.html>


More information about the websecurity mailing list