admin@glassfish.java.net

GF 2 start-instance accepts authentication; GF 3 start-local-instance does not

From: Tim Quinn <tim.quinn_at_oracle.com>
Date: Wed, 23 Jun 2010 15:50:24 -0500

Hi.

In GlassFish 2 the start-instance command accepts authentication
(--user and --passwordfile).

In GlassFish 3 the start-local-instance command does not accept auth,
so presumably any user with access to the GlassFish installation files
could start a local instance.

Of course, in GlassFish 3 (currently at least) the only thing to
authenticate with is the DAS, and we don't want to have to contact the
DAS to start an instance because the DAS might not be up. So in
GlassFish 3 we rely only on the access controls in the file system to
prevent rogue instance starts?


- Tim