Tim Quinn wrote on 06/23/10 01:50 PM:
> Hi.
>
> In GlassFish 2 the start-instance command accepts authentication (--user
> and --passwordfile).
Because it's a remote command, not a local command. Same in v3.
> In GlassFish 3 the start-local-instance command does not accept auth, so
> presumably any user with access to the GlassFish installation files
> could start a local instance.
>
> Of course, in GlassFish 3 (currently at least) the only thing to
> authenticate with is the DAS, and we don't want to have to contact the
> DAS to start an instance because the DAS might not be up. So in
> GlassFish 3 we rely only on the access controls in the file system to
> prevent rogue instance starts?
Right. Just like v2, I believe. In v2 I think you could manually start
a server instance using a local command.