[wsas-java-dev] Security improvements to WSAS
Samisa Abeysinghe
samisa at wso2.com
Mon Feb 5 18:10:19 PST 2007
Sanjiva Weerawarana wrote:
> Wait wait, why can't the user just edit tungsten.xml and set the stuff
> up? Or use a command line tool to configure it if it isn't editable?
> Basically we shouldn't *require* *any* admin console actions. It
> should be possible to bring up WSAS in a fully safe mode without any
> human intervention.
I suppose that is where this whole conversation started up: "We need to
force the Admin user to change the default password the first time he
tries to login, since there is a possibility someone may forget to
change this when WSAS is used in production."
Then there was this concern over the window of vulnerability between
installation and first login.
This is like that "scott/tiger" problem in Oracle.
Samisa...