geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan D. Cabrera" <...@toolazydogs.com>
Subject RE: Security configuration
Date Tue, 01 Jun 2004 11:07:09 GMT
> -----Original Message-----
> From: Jeremy Boynes [mailto:jeremy@coredevelopers.net]
> 
> Alan D. Cabrera wrote:
> 
> 
> > What are the goals for the default configuration?  I had always
thought
> > that it was a simple example of how the server could work.
> >
> 
> The default configuration is the primary one that gets certified and
so
> needs to support all the J2EE functions. One of those is deployment
> (JSR88) so we need a secure way for a deployer to connect to the
server
> and do things like start/stop applications and distribute new ones.
> 
> I set up a properties realm with a user "system" so that the deployer
> could authenticate and this is what I was referring to as default -
this
> is not particularly secure and I would prefer to have a more robust
> solution (say with encrypted passwords ;-) ) but it works for now.

Encryption/hashing of the passwords in the properties file is simple
enough to do.

The secure transmittal of the passwords to the remote Geronimo server
will be handled by using a more secure network protocol stack.


Regards,
Alan



Mime
View raw message