[
https://issues.apache.org/jira/browse/JCR-1927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12661969#action_12661969
]
Thomas Mueller commented on JCR-1927:
-------------------------------------
This is similar to Apache Derby where user name and password are ignored by
default. Other Java databases work differently:
HSQLDB uses a fixed user name (sa) and password (empty) until you change it.
In the H2 database, only the name and password of the user that created the
database is allowed by default.
> More secure default installation
> --------------------------------
>
> Key: JCR-1927
> URL: https://issues.apache.org/jira/browse/JCR-1927
> Project: Jackrabbit
> Issue Type: Improvement
> Components: jackrabbit-core
> Reporter: Jukka Zitting
>
> Currently the default installation of Jackrabbit grants login, read and write
> access to any username and password combination. It might be a good idea to
> require explicit user accounts and access rights to be configured during
> installation.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
