Even with no admin password for a domain, in 3.1, we still prohibit
remote asadmin access to the DAS unless enable-secure-admin has been run.
Tom
On 5/4/2011 2:06 PM, Byron Nevins wrote:
> That concern won't apply in my scenario -- the domain is wide-open
> with no password protection...
>
>
> On 5/4/2011 11:37 AM, Tom Mueller wrote:
>> We had a discussion about this when enable-secure-admin was being
>> developed, but I haven't been able to find a record of that. The
>> debate was about how much information to give the user in this case.
>> Generally, for security reason you want to give a potential attacker
>> as little information as possible as to why they cannot access the
>> system. On the other hand, for user-friendliness, you might want to
>> tell them to run enable-secure-admin to allow this operation.
>>
>> Tom
>>
>>
>> On 5/4/2011 12:55 PM, Byron Nevins wrote:
>>> Scenario:
>>>
>>> On MachineB --
>>>
>>> 1. asadmin delete-domain domain1
>>> 2. asadmin create-domain --nopassword domain1
>>> 3. asadmin start-domain domain1
>>>
>>>
>>> On MachineA --
>>>
>>> 1. asadmin --host machineB deploy hello.war
>>>
>>> Result:
>>>
>>> *HTTP connection failed with code 403, message: Forbidden*
>>>
>>> ===============
>>>
>>> Which is fairly easily solved. But there is no hint at all for the
>>> user on how to proceed. Should we give them a clue in the error
>>> message?
>>>
>>>
>>> Oracle <http://www.oracle.com>
>>> Byron Nevins | Principal MTS
>>> Phone: +1 6503958992 <tel:+1%206503958992>
>>>
>>> Green Oracle <http://www.oracle.com/commitment> Oracle is committed
>>> to developing practices and products that help protect the environment
>
> --
> Oracle <http://www.oracle.com>
> Byron Nevins | Principal MTS
> Phone: +1 6503958992 <tel:+1%206503958992>
>
> Green Oracle <http://www.oracle.com/commitment> Oracle is committed to
> developing practices and products that help protect the environment