tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: v1.5.0 Security concern
Date Sat, 06 Oct 2012 14:15:51 GMT
Hi,

i think the question is open and i scare a debate without end on this topic.

Why i didn't comment it: because the moment where you need it the most
often is during the development so no issue having it.

In production i hope it is adapted (and maybe tomcat-users.xml is not used
at all) so i thought it was not an issue.

That's said if *everybody *thinks it should be as Tomcat commented i see no
big issue doing it

*Romain Manni-Bucau*
*Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
*Blog: **http://rmannibucau.wordpress.com/*<http://rmannibucau.wordpress.com/>
*LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
*Github: https://github.com/rmannibucau*




2012/10/6 exabrial <exabrial+openejb@gmail.com>

> In apache-tomee-webprofile-1.5.0/conf/tomcat-users.xml, the following users
> are defined:
>
>   <role rolename="tomee-admin"/>
>   <user password="tomee" roles="tomee-admin,manager-gui" username="tomee"/>
>
> Wouldn't it be better to have those commented out by default?
>
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/v1-5-0-Security-concern-tp4657814.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message