Hi 1) If you run ActiveMQ out of the box, eg by bin/activemq from the binary distribution. Then it startup with the demo applications.
I would suggest to let the out of the box startup be just the broker + web console. If people would like to run the demo applications, then they can run the broker by passing in a different broker configuration file. I can't remember the exact command. And we can document in the README.txt and user-guide-html how to do that. One of the reason is the fact IMHO the broker should out of the box not expose demo applications, and as well introduce any vulnerabilities that the demo applications may impose on running a broker. Also people would have to disable the demo applications manually etc. 2) The web console should require login like Apache Tomcat does. Currently the web console has not authentication enabled. I think we should do like Apache Tomcat manager web console, that requires end users to enable this (in the users.properties file for Tomcat). We can require people to do something similar for ActiveMQ. Then the out of the box distro of AMQ is more secure, which IMHO is better practice that what we have today. Any thoughts. -- Claus Ibsen ----------------- Red Hat, Inc. FuseSource is now part of Red Hat Email: [email protected] Web: http://fusesource.com Twitter: davsclaus Blog: http://davsclaus.com Author of Camel in Action: http://www.manning.com/ibsen
