[jboss-dev] Default security or localhost

Scott M Stark sstark at redhat.com
Wed Feb 21 22:06:21 EST 2007


For whatever reason, our long-standing use of unsecured consoles is now
being reported as a security hole. To address this, either we need to
bind to localhost by default or secure the consoles with a user that has
no access. The latter requires a post-install change to add a valid role
or remove the security settings. We can't go with a default admin/admin
password.

The localhost approach would allow testsuites to continue to work as
they currently do and is probably the least intrusive change. Any other
opinions or options?


