Mladen Turk wrote:
Peter Rossbach wrote:
Yes, defaults are very fine, but secret parameter need active user
interaction.
I didn't say it will be enabled by default.
If commented out like in tc6, it would need an user intervention
anyhow, so the user uncommenting the credentials should be
aware of the consequences.
The default file is:
<!--
NOTE: By default, no user is included in the "manager" role required
to operate the "/manager" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>
It looks good enough to me, and it's been like that since Tomcat 4.0.
Are you posting this proposal because some people find it too difficult ?
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
