I think there are some important facts I want to point out.

1)

Upgrading a secured geoserver to 2.2 series in a production environment
opens a security leak. At first startup, the security directory is
migrated, so far, so good. Starting with version 2.2.0 there is a new super
user called "root" with administrative privileges. The password is
"geoserver". As a consequence, after upgrading, anybody can log in as an
administrator.

It is absolutely necessary to do a "master password change" after upgrading
(in a secured production environment). Perhaps we should add a paragraph
in upper case letters to the release notes?


2)

For a fresh installation of geoserver 2.2.x, I assume the security
directory is this one
https://github.com/geoserver/geoserver/tree/master/data/release/security

This directory is not migrated. The migration would take place at first
geoserver start. I am asking myself if it would be better to migrate once
and push the migrated security directory to github.

Next, it is not necessary to have an "admin" user because we have the
"root" user. The advantage of having no "admin" user is to force people to
do a master password change, the disadvantage is that the "admin" user is
referenced in the documentation very often.

Please remember, the master password used by "root" is also used to protect
the new geoserver key store. This password is the Achilles tendon of the
system.

Opinions?