Hi Jacques,

I think that filling the white list, etc. might be something to keep in the page on securing OFBiz (documentation). I understand your point about making it more "explicit", which makes sense. It has, however, the downside of making the users aware that there are different tasks to run, and also the rc scripts need to be modified to production and might be confusing (ofbiz, ofbizBackground, ofbizBackgroundSecure, ofbizSecure) might be too many options to choose from in a production environment.

No strong opinion, but I am suggesting to make it a little easier for people with a less-is-more kind of approach.

Taher Alkhateeb

On Sat, Aug 6, 2016 at 11:44 AM, Jacques Le Roux <[email protected]> wrote:

> The idea is that by default the task does not do much. You have to follow
> the advice they give to make it really effective (filling a white list is
> the better way)
>
> That's why I separated it from the rest to make it more obvious for users.
>
> Currently "gradlew tasks" gives you this information
>
> Pattern: ofbizSecure <Commands>: Execute OFBiz startup commands
> pre-loading the notsoserial Java agent
> Pattern: ofbizBackgroundSecure <Commands>: Execute OFBiz startup commands
> in background (secure mode) and output to console.log
>
> Jacques
>
> On 06/08/2016 at 03:33, Scott Gray wrote:
>
>> Why isn't whatever functionality 'ofbizSecure' provides, just included as
>> part of the regular 'ofbiz' task?
>>
>> On 5 August 2016 at 21:35, Jacques Le Roux <[email protected]>
>> wrote:
>>
>> On 05/08/2016 at 11:21, Taher Alkhateeb wrote:
>>>
>>> +1 makes sense
>>>>
>>>> Should we also remove the tasks ofbizSecure and ofbizBackgroundSecure
>>>> and replace them with some scripts in /tools if people are not using
>>>> them? (I assume we only use them with demos?)
>>>>
>>>> On Aug 5, 2016 10:07 AM, "Jacques Le Roux" <[email protected]>
>>>> wrote:
>>>>
>>>> Nope, those are intended to be used in production if ever you need it.
>>>
>>> See the warning there
>>> https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure
>>> for details
>>>
>>> Jacques
