[wsas-java-dev] Security improvements to WSAS
Samisa Abeysinghe
samisa at wso2.com
Mon Feb 5 00:03:05 PST 2007
James Clark wrote:
>>
>> Why should the initial setup be that secure? I do not think anyone would
>> deploy the initial setup in a production environment.
>>
>
> The short answer is that we should make things secure even for people
> that are not sophisticated, competent and security-savvy.
>
> The simplest, more direct way to get something deployed on some server
> is to set things up directly on that server. Obviously eBay isn't going
> to do that, but maybe some overworked admin who's deploying on some
> virtual hosted system somewhere might do. If they don't deploy it
> directly, then they have to somehow move it over, which may not be
> trivial: they may not have any local systems that are similar to the
> production system. Also think of the case of using WSAS for the mashup
> server: this is running on users' PCs that are connected directly to the
> internet.
>
So if we make the default password changing to be part of the
installation process, would that cater for the situation?
Samisa...
More information about the Wsas-java-dev
mailing list