The idea is that by default the task does not do much. You have to follow the advices they give to make it really effective (filling a white list is
the better way)
That's why I separated it from the rest to make it more obvious for users.
Currently "gradlew tasks" gives you this information
Pattern: ofbizSecure <Commands>: Execute OFBiz startup commands pre-loading the
notsoserial Java agent
Pattern: ofbizBackgroundSecure <Commands>: Execute OFBiz startup commands in
background (secure mode) and output to console.log
Jacques
Le 06/08/2016 à 03:33, Scott Gray a écrit :
Why isn't whatever functionality 'ofbizSecure' provides, just included as
part of the regular 'ofbiz' task?
On 5 August 2016 at 21:35, Jacques Le Roux <jacques.le.r...@les7arts.com>
wrote:
Le 05/08/2016 à 11:21, Taher Alkhateeb a écrit :
+1 makes sense
Should we also remove the tasks ofbizSecure and ofbizBackgroundSecure and
replace them with some scripts in /tools if people are not using them? (I
assume we only use them with demos?)
On Aug 5, 2016 10:07 AM, "Jacques Le Roux"<jacques.le.r...@les7arts.com>
wrote:
Nope, those are intended to be used in production if ever you need it.
See the warning there https://cwiki.apache.org/confl
uence/display/OFBIZ/Keeping+OFBiz+secure for details
Jacques
