Hi I logged a ticket about this https://issues.apache.org/jira/browse/AMQ-4124
On Mon, Oct 22, 2012 at 2:05 PM, Claus Ibsen <[email protected]> wrote: > Hi > > 1) > If you run ActiveMQ out of the box, eg by bin/activemq from the binary > distribution. Then it startup with the demo applications. > > I would suggest to let the out of the box startup be just the broker + > web console. If people would like to run the demo applications, then > they can run the broker by passing in a different broker configuration > file. I can't remember the exact command. > > And we can document in the README.txt and user-guide-html how to do that. > > One of the reason is the fact IMHO the broker should out of the box > not expose demo applications, and as well introduce any > vulnerabilities that the demo applications may impose on running a > broker. Also people would have to disable the demo applications > manually etc. > > > 2) > The web console should require login like Apache Tomcat does. > Currently the web console has not authentication enabled. I think we > should do like Apache Tomcat manager web console, that requires end > users to enable this (in the users.properties file for Tomcat). We can > require people to do something similar for ActiveMQ. > > Then the out of the box distro of AMQ is more secure, which IMHO is > better practice that what we have today. > > > Any thoughts. > > > > -- > Claus Ibsen > ----------------- > Red Hat, Inc. > FuseSource is now part of Red Hat > Email: [email protected] > Web: http://fusesource.com > Twitter: davsclaus > Blog: http://davsclaus.com > Author of Camel in Action: http://www.manning.com/ibsen -- Claus Ibsen ----------------- Red Hat, Inc. FuseSource is now part of Red Hat Email: [email protected] Web: http://fusesource.com Twitter: davsclaus Blog: http://davsclaus.com Author of Camel in Action: http://www.manning.com/ibsen
