Fully agree with all Alex. Maybe you could fill a jira and propose kinda profile or at least sine peace if code.
Regarding the doc, That's also an area where you could help. It became simpler with the new website based on Apache cms. Jlouis Le 6 oct. 2012 22:01, "Alex The Rocker" <[email protected]> a écrit : > This would be acceptable to postpone this JIRA after 1.5.1 if you could add > an "Hardening TomEE security" item in documentation and list there the > steps we have in mind for the profile management tool in a future release. > Providing this type of information will give more credits to TomEE as > suitable production app server (there are many sites about Tomcat > hardening, TomEE can't be weaker than Tomcat :)) > > Alex > > On Sat, Oct 6, 2012 at 9:55 PM, Romain Manni-Bucau <[email protected] > >wrote: > > > like i said in the Jira i talked about it so i'm +0.8 (not +1 since the > > conf is still small) > > > > then it will not be in 1.5.1 i think (wouldnt add too much security or > > something like that so it needs some testing) > > > > does it sound reasonable for you? > > > > *Romain Manni-Bucau* > > *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* > > *Blog: **http://rmannibucau.wordpress.com/*< > > http://rmannibucau.wordpress.com/> > > *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* > > *Github: https://github.com/rmannibucau* > > > > > > > > > > 2012/10/6 Alex The Rocker <[email protected]> > > > > > Okay, i agree with that. So how about a profile management tool to > > generate > > > a TomEE configuration with minimal surface of attack? > > > Alex > > > > > > On Sat, Oct 6, 2012 at 9:49 PM, Romain Manni-Bucau < > > [email protected] > > > >wrote: > > > > > > > hmm that's not exactly what i said Alex :p > > > > > > > > on a project you generally have N (>5) developpers using the > container > > to > > > > develop (let say with tomee-maven-pugin or WTP or something else...) > > > > > > > > then when it is about production you have 2-3 people configuring the > > > server > > > > then it can be deployed in cluster automatically from the config. > > > > > > > > So my statement is the config work in dev is > the prod one > > > > > > > > So IMO it should work out of the box in dev then the prod should > adapt > > > the > > > > conf. That's for instance what we do about datasources: we provide > some > > > > default datasources to let people use JPA out of the box then in > > > production > > > > you configure your real datasource, your pooling etc... > > > > > > > > Sorry if it was not clear. > > > > > > > > *Romain Manni-Bucau* > > > > *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* > > > > *Blog: **http://rmannibucau.wordpress.com/*< > > > > http://rmannibucau.wordpress.com/> > > > > *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* > > > > *Github: https://github.com/rmannibucau* > > > > > > > > > > > > > > > > > > > > 2012/10/6 Alex The Rocker <[email protected]> > > > > > > > > > Hello, > > > > > > > > > > This is to continue the discussion started in users@ list around > > JIRA > > > > > improvement item https://issues.apache.org/jira/browse/TOMEE-450 > > > > > > > > > > I'm a bit surprised by Romain's statement that TomEE is primarily > > used > > > by > > > > > developers : I thought that in real world there are more app > servers > > > used > > > > > to deploy than to develop ; even if since TomEE is new it's not yet > > the > > > > > case. > > > > > > > > > > Any opinion? > > > > > > > > > > Alex > > > > > > > > > > > > > > >
