Just my opinion for whatever it's worth:

As we all know, and as Romain explains quite clearly, there
is a built-in conflict between what is most convenient for
the developer and what is most convenient for the production
people.

I think all defaults *except* for security-impacting things
should be chosen to make life easier for developers,
not production people. But for anything security-related
I suggest that the defaults should *always* be governed by
the principle "secure out of the box".

My reason is that there are (unfortunately) too many people out
there who have very little clue about security, or who don't
have any incentive to care about it. And as the popularity of
TomEE grows, the impact of such people deploying TomEE will
also grow. The consequences of that must be weighed against
the inconvenience of the developer's need to relax the security
settings.

-- 
Bjorn Danielsson
Cuspy Code AB


Romain Manni-Bucau <[email protected]> wrote:
> hmm that's not exactly what I said Alex :p
>
> on a project you generally have N (>5) developers using the container to
> develop (let's say with tomee-maven-plugin or WTP or something else...)
>
> then when it is about production you have 2-3 people configuring the server
> then it can be deployed in cluster automatically from the config.
>
> So my statement is the config work in dev is > the prod one
>
> So IMO it should work out of the box in dev then the prod should adapt the
> conf. That's for instance what we do about datasources: we provide some
> default datasources to let people use JPA out of the box then in production
> you configure your real datasource, your pooling etc...
>
> Sorry if it was not clear.
>
> *Romain Manni-Bucau*
> *Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
> *Blog: http://rmannibucau.wordpress.com/*
> *LinkedIn: http://fr.linkedin.com/in/rmannibucau*
> *Github: https://github.com/rmannibucau*
>
> 2012/10/6 Alex The Rocker <[email protected]>
>
>> Hello,
>>
>> This is to continue the discussion started in users@ list around JIRA
>> improvement item https://issues.apache.org/jira/browse/TOMEE-450
>>
>> I'm a bit surprised by Romain's statement that TomEE is primarily used by
>> developers: I thought that in the real world there are more app servers used
>> to deploy than to develop; even if since TomEE is new it's not yet the
>> case.
>>
>> Any opinion?
>>
>> Alex
>>
