geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Boynes <jer...@coredevelopers.net>
Subject Re: Security configuration
Date Mon, 31 May 2004 20:05:51 GMT
Alan D. Cabrera wrote:


> What are the goals for the default configuration?  I had always thought
> that it was a simple example of how the server could work.
> 

The default configuration is the primary one that gets certified and so 
needs to support all the J2EE functions. One of those is deployment 
(JSR88) so we need a secure way for a deployer to connect to the server 
and do things like start/stop applications and distribute new ones.

I set up a properties realm with a user "system" so that the deployer 
could authenticate and this is what I was referring to as default - this 
is not particularly secure and I would prefer to have a more robust 
solution (say with encrypted passwords ;-) ) but it works for now.

Any ideas/feedback from users on what they would like to see here would 
be appreciated.

--
Jeremy

Mime
View raw message