[ https://issues.apache.org/jira/browse/AXIS2-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
robert lazarski reassigned AXIS2-5910: -------------------------------------- Assignee: robert lazarski > axis2.xml uses weak password , automated penetration tools are complaining > -------------------------------------------------------------------------- > > Key: AXIS2-5910 > URL: https://issues.apache.org/jira/browse/AXIS2-5910 > Project: Axis2 > Issue Type: Bug > Reporter: robert lazarski > Assignee: robert lazarski > Priority: Major > > There are 48 axis2.xml files in source control it seems, and they all have > the same weak password in each file. > As penetration tools become ubiquitous, they are all finding the same problem > with these weak credentials in axis2.xml . > We should consider the Tomcat approach and just comment out the entire > username / password section, as that doesn't seem to break anything. It > doesn't, for example, break the happyaxis.jsp . > Next step I suppose would be replacing all 48 files with comments, and > running the unit tests? > [https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain] > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org