On Tue, Dec 28, 2010 at 2:29 PM, Bernd Fondermann <[email protected]> wrote: > That's why I changed the default startup classes (Spring-based and > plain-standalone) to generate random passwords when the account is first > created. If the account is persisted, no new password is generated on server > restarts.
How about doing something similar to what Tomcat does, with some default users commented out? That way, no users are created by default but the admin has some simple examples to use. I think the use of random password if using an empty string will mostly confuse users. /niklas
