"ryan.campbell(a)jboss.com" wrote : I'm skeptical that the existing approach will actually push users to read any documentation. Binding to localhost does at least stop us being insecure by default and is something we do in Red Hat Enterprise Linux with servers such as sendmail. However we've also discussed a better solution -- having HTTP Basic authentication turned on by default for any consoles, with no username and password configured. A user browsing the console for the first time (if they don't use the installer) would be prompted to log in and when failing to log in a custom "403 Authentication Required" response would be displayed and could point them at the documentation. Using the installer would by default give the user the ability to setup this user/password. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025177#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...