kwtan wrote:
I am concern with my xindice installed. I used xindice.war and deployed it
using JBoss. Everyone can login the webadmin by going to
http://localhost:8080/xindice. I have used the basic http basic
authentication, but I still think that it is not secure. Is there any
configuration to remove webadmin, or only the server can view the webadmin.
Thank you.
One obvious way is to require https using the security
configuration in web.xml together with basic auth.
Another is to limit the IP addresses for possible clients
by using org.apache.catalina.valves.RequestFilterValve.
Georg
