[jboss-dev-forums] [Design of Security on JBoss] - Re: AS 4.2.0 binding to localhost
dimitris@jboss.org
do-not-reply at jboss.com
Mon Mar 5 16:30:58 EST 2007
I'm pessimistic, too, in that creating a locked up static config will make more damage in our reputation for being developer friendly, than do good in our reputation for being unsecure.
And AFAIK. the user perception that we are "unsecure" came from a default installation. If you check the jboss forums people rarely complaint about an unsecure jboss - most of them know what they are doing.
There is so much you can do with a static configuration that needs to satisfy everyone. If there is no tools support for altering a jboss configuration at installation time, this is not a problem of the .zip distro. It's the problem of the tool.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025214#4025214
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025214
More information about the jboss-dev-forums
mailing list