[wsas-java-dev] Security improvements to WSAS

Afkham Azeez azeez at wso2.com
Tue Feb 6 20:02:47 PST 2007


James Clark wrote:
> Possibilities I can think of:
> 
> a) provide a command-line tool that sets the initial password; the admin
> would need to run this command explicitly before WSAS would start up; it
> would be able to read the password from stdin, so it wouldn't have to be
> run interactively

We need to force the user to do this. Aren't we making it simpler by
giving the user a prompt during the first startup, instead of first
asking the user to run toolX and change password (which is going to be
interactive anyway), and then start WSAS?

> b) generate a random default password on installation and write it to a
> file that is readable only by root (or whoever ran the installation); on
> first login require the admin to enter that password and change it to
> another password

Hmm, this seems like too much work for the user. He has to locate this
file, copy the password, log in to the Mgt Console, paste it, and change
the password.


-- 
Afkham Azeez
GPG Fingerprint: 643F C2AF EB78 F886 40C9  B2A2 4AE2 C887 665E 0760

http://www.wso2.org
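
Option (b) from the quoted message, sketched as an added example that is not part of the original thread and is not WSAS code: a random initial password written to an owner-only file, then accepted once at first login together with a mandatory change. The function names and the file location are hypothetical, and POSIX file permissions are assumed.

```python
import hmac
import os
import secrets
import stat

def create_initial_password(path):
    """Generate a random password and store it in a new owner-only file."""
    password = secrets.token_urlsafe(18)
    # O_EXCL fails if the path already exists (including a planted symlink),
    # and mode 0o600 is set at creation, so the file is never world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)  # make the mode independent of the umask
        os.write(fd, (password + "\n").encode())
    finally:
        os.close(fd)
    return password

def read_initial_password(path):
    """Return the stored password; refuse files that are not private to us."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, encoding="utf-8") as fh:
        st = os.fstat(fh.fileno())  # check the file we actually opened
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: not a regular file owned by this user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: accessible to group or others")
        return fh.read().strip()

def first_login(path, supplied, new_password):
    """Accept the generated password once, only with a different replacement."""
    initial = read_initial_password(path).encode()
    if not hmac.compare_digest(supplied.encode(), initial):
        return False
    if not new_password or hmac.compare_digest(new_password.encode(), initial):
        return False
    # The caller stores a salted hash of new_password (not shown); the
    # generated password is retired by deleting its file.
    os.unlink(path)
    return True
```
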


