I would say keep the dev friendly pattern in the trunk.
I would change it in the relaase branches since they are more targeted
as end users.
write up a docbook section for the Tech on how to deal with them and the
security issues. use the id="" in the section so you can put a link on
the wiki to the section on the localhost.
add demo server script to comment them out if necessary.
on a side note, it would be great to add a note on the nightly builds
that these are meant for users without configuration.
=========================
BJ Freeman
Strategic Power Office with Supplier Automation
<http://www.businessesnetwork.com/automation/viewforum.php?f=52>
Specialtymarket.com <http://www.specialtymarket.com/>
Systems Integrator-- Glad to Assist
Chat Y! messenger: bjfr33man
Jacques Le Roux sent the following on 1/23/2011 10:04 AM:
Hi,
Thanks to Rene Scheibe, I have just commited (completed at revision:
1062476) a Groovysh container. It's just fine (though when you
type a char on Windows it's duplicated, but it works, see
https://issues.apache.org/jira/browse/OFBIZ-3954) but I wonder if we
should not rather provide those Beanshell and Groovysh containers
commented out. I know it will break the policy we use that
provide OOTB a develop friendly version rather than an user/production
ready. But it will prevent any admin/user oversights,
because it's an important security concern. If a dev needs them, it's
really easy to uncomment? What do you think?
Thanks
Jacques