It would be acceptable to postpone this JIRA until after 1.5.1 if you could add
a "Hardening TomEE security" item to the documentation and list there the
steps we have in mind for the profile management tool in a future release.
Providing this type of information will give more credit to TomEE as
a suitable production app server (there are many sites about Tomcat
hardening, TomEE can't be weaker than Tomcat :))

Alex

On Sat, Oct 6, 2012 at 9:55 PM, Romain Manni-Bucau <[email protected]> wrote:

> Like I said in the Jira, I talked about it, so I'm +0.8 (not +1 since the
> conf is still small).
>
> Then it will not be in 1.5.1, I think (wouldn't add too much security or
> something like that, so it needs some testing).
>
> Does it sound reasonable to you?
>
> *Romain Manni-Bucau*
> *Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
> *Blog: http://rmannibucau.wordpress.com/*
> *LinkedIn: http://fr.linkedin.com/in/rmannibucau*
> *Github: https://github.com/rmannibucau*
>
>
>
>
> 2012/10/6 Alex The Rocker <[email protected]>
>
> > Okay, I agree with that. So how about a profile management tool to generate
> > a TomEE configuration with minimal surface of attack?
> > Alex
> >
> > On Sat, Oct 6, 2012 at 9:49 PM, Romain Manni-Bucau <[email protected]> wrote:
> >
> > > Hmm, that's not exactly what I said, Alex :p
> > >
> > > On a project you generally have N (>5) developers using the container to
> > > develop (let's say with tomee-maven-plugin or WTP or something else...)
> > >
> > > Then when it is about production you have 2-3 people configuring the server,
> > > then it can be deployed in cluster automatically from the config.
> > >
> > > So my statement is the config work in dev is > the prod one
> > >
> > > So IMO it should work out of the box in dev, then the prod should adapt the
> > > conf. That's for instance what we do about datasources: we provide some
> > > default datasources to let people use JPA out of the box, then in production
> > > you configure your real datasource, your pooling etc...
> > >
> > > Sorry if it was not clear.
> > >
> > > *Romain Manni-Bucau*
> > > *Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
> > > *Blog: http://rmannibucau.wordpress.com/*
> > > *LinkedIn: http://fr.linkedin.com/in/rmannibucau*
> > > *Github: https://github.com/rmannibucau*
> > >
> > >
> > >
> > >
> > > 2012/10/6 Alex The Rocker <[email protected]>
> > >
> > > > Hello,
> > > >
> > > > This is to continue the discussion started in users@ list around JIRA
> > > > improvement item https://issues.apache.org/jira/browse/TOMEE-450
> > > >
> > > > I'm a bit surprised by Romain's statement that TomEE is primarily used by
> > > > developers: I thought that in the real world there are more app servers used
> > > > to deploy than to develop; even if since TomEE is new it's not yet the
> > > > case.
> > > >
> > > > Any opinion?
> > > >
> > > > Alex
> > > >
> > >
> >
>
