Hello I was wondering if this is a security breach.
If I deploy some business critical application names myApp on Geronimo server deployed using deploy tool or hot deployer. Now with deploy tool I cannot change or uninstall this application without Geronimo username and password. If for some reason my machine is unsecured and I am dependent on Geronimo security, one can easily manuplate or uninstall my application by just placing a junk application named myApp in my hot deployer. isn't it a security breach. I think I should be allowed to 1. Configure security settings for Hot deployer 2. Start and stop hot deployment (which can be done by stopping hotdeploy module) 3. One way could be, All the hot deployer operations prompt for username and password on server console. What is your view on this? Am I missing something? Thanks Rakesh
