Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Security risk? Using JIRA without IIS proxy with a port other than 80.

matskm
matskm January 28, 2014

Hi - we are using JIRA on a machine which has IIS listening to port 80. At the moment, tomcat is listening to another port, and I have written rules in the firewall only to open that port up to certain ip-addresses.

However, for an upcoming project I would like to have JIRA accessible to lots more people without maintaining a list of all their ip addresses.

It is fine for them to access JIRA with the non-standard port. I.e.,we do not need them to come in on port 80.

So the question is, what are the security risks of opening up the JIRA port to all ip-addresses?

Put another way: Are there security risks to exposing the port that tomcat is listening to directly to the outside world?

Or: Does the JIRA & tomcat have any obvious security holes?

cheers

Mat

Answer
Watch
Like Be the first to like this
141 views

1 answer

0 votes
Davin Studer
Davin Studer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 30, 2014

The biggest security hole that I can think of is you don't want a publicly accessible site with logins running unencrypted. Why do you have the IIS proxy in the first place can you just run Tomcat on 80/443?

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events