tomee-users mailing list archives

From Romain Manni-Bucau <>
Subject Re: v1.5.0 Security concern
Date Sat, 06 Oct 2012 14:15:51 GMT

I think the question is open, and I fear a debate without end on this topic.

Why I didn't comment it out: because the moment when you need it most
is often during development, so there is no issue having it.

In production I hope it is adapted (and maybe tomcat-users.xml is not used
at all), so I thought it was not an issue.

That said, if *everybody* thinks it should be commented out as in Tomcat, I see no
big issue doing it.

*Romain Manni-Bucau*
*Twitter: @rmannibucau*

2012/10/6 exabrial <>

> In apache-tomee-webprofile-1.5.0/conf/tomcat-users.xml, the following users
> are defined:
>   <role rolename="tomee-admin"/>
>   <user password="tomee" roles="tomee-admin,manager-gui" username="tomee"/>
> Wouldn't it be better to have those commented out by default?

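As an added example (not part of either message and not TomEE project code): a Python check that reports active, uncommented `<user>` entries in a tomcat-users.xml that pair a management role with a default-looking password. The function names and the default-password list are assumptions, and the sample input is constructed from the two lines quoted above.

```python
import xml.etree.ElementTree as ET

# Roles that open management or admin applications. "tomee-admin" and
# "manager-gui" come from the quoted file; the rest are standard Tomcat roles.
PRIVILEGED_ROLES = {
    "tomee-admin", "manager-gui", "manager-script", "manager-jmx",
    "manager-status", "admin-gui", "admin-script",
}
# Assumption: a short list of passwords treated as shipped defaults.
DEFAULT_PASSWORDS = {"tomee", "tomcat", "admin", "password", "changeit"}


def local(tag):
    """Strip an XML namespace prefix of the form '{uri}' from a tag name."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return (username, privileged_roles) for each risky active <user> entry."""
    findings = []
    # ElementTree discards XML comments, so commented-out users are never visited.
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "user":
            continue
        # Tomcat's memory realm accepts either "username" or "name".
        name = el.get("username") or el.get("name") or ""
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        privileged = sorted(roles & PRIVILEGED_ROLES)
        weak = password.lower() in DEFAULT_PASSWORDS or password == name
        if privileged and weak:
            findings.append((name, privileged))
    return findings


# Constructed sample: the two quoted lines plus one commented-out entry.
SAMPLE = """<tomcat-users>
  <role rolename="tomee-admin"/>
  <user password="tomee" roles="tomee-admin,manager-gui" username="tomee"/>
  <!-- <user username="tomcat" password="tomcat" roles="manager-gui"/> -->
</tomcat-users>"""

if __name__ == "__main__":
    for user, roles in audit_tomcat_users(SAMPLE):
        print(f"active default account {user!r} with roles: {', '.join(roles)}")
```

Run against a deployment's own conf/tomcat-users.xml before it leaves development; an empty result means no active entry matched, not that the realm configuration is otherwise sound.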