Customer would like to have a simplified way to set JMX options

Description

A customer was flagged during a security audit for CVE-2015-0225, "Java JMX RMI Accessible with Common Credentials". To remediate this audit item, the customer had to make sure that either the JMX was password protected or not accessible to anyone.

The way to set this up is not straightforward. The customer thinks it would be better if the JMX configurations were read from a file. In the end, they decided to block remote JMX access on the server to pass the security code scan.

One issue in coming up with a solution is making sure that each of the Java processes uses a unique port. One way to do that is to use $AGENT_ID and pass it to $XAP_COMPONENT_OPTIONS. Perhaps a solution would be better documentation. Is XAP_COMPONENT_OPTIONS going away? We don't document this environment variable.
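The port-per-process idea above, sketched as an added example that is not part of the original ticket or of the product's own scripts: it derives a unique JMX port from an agent id and emits the standard JVM `com.sun.management.jmxremote.*` properties with password authentication on. It assumes the agent id is a small non-negative integer unique per process on the host; the function names, base port and file paths are hypothetical.

```shell
#!/bin/sh
# Added example (not product code). Builds JMX options for one Java process.

# Print base_port + agent_id, or fail if either value is unusable.
jmx_port_for_agent() {
    # $1 = agent id, $2 = base port
    for n in "$1" "$2"; do
        case "$n" in
            ''|*[!0-9]*|0?*)   # empty, non-numeric, or leading zero (octal trap)
                echo "not a plain non-negative integer: '$n'" >&2
                return 1 ;;
        esac
    done
    port=$(( $2 + $1 ))
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "computed JMX port $port is out of range" >&2
        return 1
    fi
    echo "$port"
}

# Print the JVM options for an authenticated JMX endpoint on that port.
jmx_options() {
    # $1 = agent id, $2 = base port, $3 = password file, $4 = access file
    port=$(jmx_port_for_agent "$1" "$2") || return 1
    [ -r "$3" ] || { echo "password file not readable: $3" >&2; return 1; }
    [ -r "$4" ] || { echo "access file not readable: $4" >&2; return 1; }
    # The JVM rejects a password file that group or others can access,
    # so check the mode here and fail before the process is launched.
    perms=$(ls -ld "$3" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "password file must be owner-only (chmod 600): $3" >&2
        return 1
    }
    # jmxremote.ssl is left at its default (enabled); the keystore is
    # configured separately and is outside this sketch.
    echo "-Dcom.sun.management.jmxremote" \
         "-Dcom.sun.management.jmxremote.port=$port" \
         "-Dcom.sun.management.jmxremote.authenticate=true" \
         "-Dcom.sun.management.jmxremote.password.file=$3" \
         "-Dcom.sun.management.jmxremote.access.file=$4"
}

# Usage (assumes AGENT_ID is already set in the launching environment):
#   XAP_COMPONENT_OPTIONS="$(jmx_options "$AGENT_ID" 10000 /etc/xap/jmx.password /etc/xap/jmx.access)"
#   export XAP_COMPONENT_OPTIONS
```
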

Acceptance Test

None

Assignee

Unassigned

Reporter

Dixson Huie

Labels

None

Priority

Medium

SalesForce Case ID

12736

Fix versions

None

Commitment Version/s

None

Due date

None

Product

None

Edition

Open Source

Platform

All