Apache Ignite Developers - Legacy Mail Archive

Security issue with control.sh and ignite.sh

classic Classic list List threaded Threaded
2 messages Options
Данилов Семён
Reply | Threaded
Open this post in threaded view
|

Security issue with control.sh and ignite.sh

Данилов Семён
Hello, Igniters!

I recently got my eye on the fact that we have JMX enabled by default and it's configured in a very insecure way.
Our default JMX parameters are authenticate=false and ssl=false.

I propose removing default configuration of JMX altogether, as user must *consciously* and carefully configure such dangerous things.

I created an issue (https://issues.apache.org/jira/browse/IGNITE-13478) and pull request for those changes (https://github.com/apache/ignite/pull/8304).

Cheers, Sam.
Ivan Pavlukhin
Reply | Threaded
Open this post in threaded view
|

Re: Security issue with control.sh and ignite.sh

Ivan Pavlukhin
Hi Sam,

Good catch! What exactly should user do to enable JMX? Should the user
pass some additional arguments to scripts? It worth mentioning it in
the ticket and later in documentation.

2020-10-06 13:50 GMT+03:00, Данилов Семён <[hidden email]>:

> Hello, Igniters!
>
> I recently got my eye on the fact that we have JMX enabled by default and
> it's configured in a very insecure way.
> Our default JMX parameters are authenticate=false and ssl=false.
>
> I propose removing default configuration of JMX altogether, as user must
> *consciously* and carefully configure such dangerous things.
>
> I created an issue (https://issues.apache.org/jira/browse/IGNITE-13478) and
> pull request for those changes
> (https://github.com/apache/ignite/pull/8304).
>
> Cheers, Sam.
>


--

Best regards,
Ivan Pavlukhin
Free forum by Nabble Edit this page