Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.5.0
-
None
-
None
Description
TomEE 1.5.0 default configuration is unsecure by default, at least with regard to those items:
- it comes with predefined users tomee-admin and tomee
- it includes tomee administration UI
(there are probably more)
A noticeable improvement for TomEE would be to deliver it "secure by default" and provide a profile management tool (command line is fine) to change its setup in a "developper mode" with admin users & admin UI enabled.
IBM WebSphere has a tool called profile management tool which allows this kind of setup in a few clicks (with couple of options).