I feel I was not clear enough. To protect the lazy developers, the newcomers or simply the unwary user I would make the default value a random generated string with a big warning in the log and a big "pay attention" in the docs and release notes.
This goes with the feeling that an expert developer which has to face a deploy to a cluster is more heedful and would set the value to a known and beefy one. The current implementation feels like a false sense of security for the first type of developer even more by the fact that this has been added lately to the plate (it could slip through to the newcomers) so if a random generated string is not accepted I would make it required, with a nice RuntimeException, if not set. Cheers -- Massimo http://meridio.blogspot.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
