This is unfortunate. Sounds like a security violation to have WSAS adding an easily-guessed user to the system without user intervention. If this behavior can't be changed we perhaps should firewall it as best we can by: preventing the addition of a user called "admin" and preventing login of "admin" from succeeding. I don't understand how a checkbox would help.
Jonathan Marsh - http://www.wso2.com - http://auburnmarshes.spaces.live.com

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Channa Gunawardena
> Sent: Thursday, January 17, 2008 2:35 AM
> To: [email protected]
> Subject: [mashup-dev] A user called admin
>
> Hi All,
>
> We now allow the creation of a primary account at startup and this
> account can be named admin if required. However, if this primary account
> is not named admin, wsas attempts to create an admin account itself on
> server start, and this is being deleted as it is redundant.
>
> The problem is that if a normal user by the name of 'admin' is created,
> it would be deleted the next time the server is started. I can simply
> prevent this deletion from taking place, but it doesn't feel right,
> because the decision was that there will be no default 'admin' user and
> a normal user called admin will cause confusion as admin's privileges
> are assumed.
>
> One compromise is to have a checkbox in the user creation page, which
> grants any newly created user admin privileges. With this, a user called
> 'admin' can be created by the primary user, with all the implied
> privileges, so it's a basic role management feature. Is this OK or is
> there another solution?
>
> Bye,
> Channa.
>
> --
> ********************************************
> Channa Gunawardena
> Technical Lead, WSO2 Inc.
> channa at wso2.com; Mobile: +94 71 306 2722
> "Oxygenating the Web Service Platform."
>
> _______________________________________________
> Mashup-dev mailing list
> [email protected]
> http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
