[jboss-dev] Default security or localhost

Dimitris Andreadis dandread at redhat.com
Thu Feb 22 08:16:51 EST 2007


I'm very much in favor of setting the default bind address to localhost, instead of 0.0.0.0. 
I think it's the best compromise between developer ease of use and addressing security
concerns for a default installation.

Scott M Stark wrote:
> For whatever reason our long standing use of unsecured consoles is now
> being reported as a security hole. To address this, either we need to
> bind to localhost by default or secure the consoles with a user that has
> no access. The latter requires a post install change to add a valid role
> or remove the security settings. We can't go with a default admin/admin
> password.
> 
> The localhost approach would allow testsuites to continue to work as
> they currently do and is probably the least intrusive change. Any other
> opinions or options?


