Security risk? Using JIRA without IIS proxy with a port other than 80.

Hi - we are using JIRA on a machine which has IIS listening to port 80. At the moment, tomcat is listening to another port, and I have written rules in the firewall only to open that port up to certain ip-addresses.

However, for an upcoming project I would like to have JIRA accessible to lots more people without maintaining a list of all their ip addresses.

It is fine for them to access JIRA with the non-standard port. I.e.,we do not need them to come in on port 80.

So the question is, what are the security risks of opening up the JIRA port to all ip-addresses?

Put another way: Are there security risks to exposing the port that tomcat is listening to directly to the outside world?

Or: Does the JIRA & tomcat have any obvious security holes?

cheers

Mat

1 answer

0 votes
Davin Studer Community Champion Jan 30, 2014

The biggest security hole that I can think of is you don't want a publicly accessible site with logins running unencrypted. Why do you have the IIS proxy in the first place can you just run Tomcat on 80/443?

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 18, 2018 in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

24,675 views 2 7
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you