[wsas-java-dev] Security improvements to WSAS
James Clark
james at wso2.com
Mon Feb 12 00:15:58 PST 2007
> The idea is that we customize the install for each user. The user comes
> onto our site and selects the OS, install pack, and any other
> customization that might be useful (ports for the server for example).
> They also give us their email address. We generate a secure random admin
> password, create a small update to the base RPM/ZIP/MSI and then they
> download the customized install package. And we mail them the password.
I would advise against this kind of approach:
- it breaks automated update systems like yum or apt which are the
normal way Linux users keep their systems up to date (I think Windows
has something similar)
- it prevents CD distribution
- it breaks mirroring
James
More information about the Wsas-java-dev
mailing list