> -----Original Message----- > From: Jeremy Boynes [mailto:[EMAIL PROTECTED] > > Alan D. Cabrera wrote: > > > > What are the goals for the default configuration? I had always thought > > that it was a simple example of how the server could work. > > > > The default configuration is the primary one that gets certified and so > needs to support all the J2EE functions. One of those is deployment > (JSR88) so we need a secure way for a deployer to connect to the server > and do things like start/stop applications and distribute new ones. > > I set up a properties realm with a user "system" so that the deployer > could authenticate and this is what I was referring to as default - this > is not particularly secure and I would prefer to have a more robust > solution (say with encrypted passwords ;-) ) but it works for now.
Encryption/hashing of the passwords in the properties file is simple enough to do. The secure transmittal of the passwords to the remote Geronimo server will be handled by using a more secure network protocol stack. Regards, Alan
