geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan D. Cabrera" <>
Subject RE: Security configuration
Date Tue, 01 Jun 2004 11:07:09 GMT
> -----Original Message-----
> From: Jeremy Boynes []
> Alan D. Cabrera wrote:
> > What are the goals for the default configuration?  I had always
> > that it was a simple example of how the server could work.
> >
> The default configuration is the primary one that gets certified and
> needs to support all the J2EE functions. One of those is deployment
> (JSR88) so we need a secure way for a deployer to connect to the
> and do things like start/stop applications and distribute new ones.
> I set up a properties realm with a user "system" so that the deployer
> could authenticate and this is what I was referring to as default -
> is not particularly secure and I would prefer to have a more robust
> solution (say with encrypted passwords ;-) ) but it works for now.

Encryption/hashing of the passwords in the properties file is simple
enough to do.

The secure transmittal of the passwords to the remote Geronimo server
will be handled by using a more secure network protocol stack.


View raw message