I don't think that for lazy developers it needs to be secure at all :)

On Oct 4, 2012, at 6:48 PM, Massimo Lusetti wrote:
> I feel I was not clear enough.
>
> To protect the lazy developers, the newcomers or simply the unwary
> user I would make the default value a randomly generated string with a
> big warning in the log and a big "pay attention" in the docs and
> release notes.
>
> This goes with the feeling that an expert developer who has to face
> a deploy to a cluster is more heedful and would set the value to a
> known and beefy one.
>
> The current implementation feels like a false sense of security for
> the first type of developer even more by the fact that this has been
> added lately to the plate (it could slip through to the newcomers) so
> if a randomly generated string is not accepted I would make it required,
> with a nice RuntimeException, if not set.
>
> Cheers
> --
> Massimo
> http://meridio.blogspot.com
