RC1 has a document on security...it should answer your questions. AdminService only accepts calls from the local host, and it already has a default password..you can change it if you want
----- Original Message ----- From: "Gianluca Del buono" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 19, 2003 01:13 Subject: security - AdminService > Hi, > How safe is to go into a production environment leaving the AdminService > enabled ? That would make my web services vulnerable to a malicious > attack where -for example- someone could use the AdminService to easily > undeploy my services. > What are the security precautions I should take before deploying my axis > server into a production environment ? > Should I disable the AdminService ? But what are the drawback of this > option ? Or would'nt be better to set a password for the AdminService? > Is it possible , and how ? > > Many thanks in advance for your help. > > Gianluca > > >
