Joe,
In addition to your suggestions, were you thinking of making this processor
disabled by default as well?

Tony


On Tue, Feb 9, 2021, 11:04 PM Joe Witt <joew...@apache.org> wrote:

> Team
>
> While secure by default may not be practical, perhaps ‘not blatantly wide
> open’ by default should be adopted.
>
> I think we should consider killing support for http entirely and support
> only https. We should consider auto generating a user and password and
> possibly server cert if nothing is configured and log the generated user
> and password. Sure it could still be configured to be non secure but that
> would truly be an admin's fault. Now it's just ‘on’
>
> This tweet is a great example of why
>
> https://twitter.com/_escctrl_/status/1359280656174510081?s=21
>
>
> Who agrees?  Who disagrees?   Please share ideas.
>
> Thanks
>
