On Wed, Nov 28, 2012 at 3:09 PM, Fabian Christ <[email protected]> wrote: > ...I am -1 for making this the default. > > I would prefer to keep the default really simple. If people want security > they have to do something for it. This is true for most systems and > frameworks that I know about....
Same here - my use case for Stanbol is a stateless service that doesn't need any security by itself. If I need to control access to it I'll configure something at the network level or put an httpd server in front. I don't think Solr, for example has security features enabled by default, not even sure if it does provide any security feature. Optional security features are fine as long as they don't burden the simple use case and don't make the code more complex than it needs to be. -Bertrand
