[jboss-dev-forums] [Design of JBoss jBPM] - Re: security in the console
david.lloyd@jboss.com
do-not-reply at jboss.com
Fri Jun 15 09:34:16 EDT 2007
"tom.baeyens at jboss.com" wrote : i think that exposing the usernames and passwords on the home page is good. then it's good for evaluation purposes. and also people know immediately that you can't put this into production as is. with the god identity management UI that you've added, people can easily delete all users and avoid that security risk.
But you can put this into production as is! That's the whole point. Just change the config files.
Putting the user names on the login page means that the user actually has to change the xhtml to put this into production. I think that this steps over the line and makes the console worse for both evaluation and deployment. It's a far greater benefit to the end user to just drop it in to their development environment and immediately become productive. I believe it's more valuable for our customers as well.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4054746#4054746
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4054746
More information about the jboss-dev-forums
mailing list