That concern won't apply in my scenario -- the domain is wide-open with
no password protection...
On 5/4/2011 11:37 AM, Tom Mueller wrote:
> We had a discussion about this when enable-secure-admin was being
> developed, but I haven't been able to find a record of that. The
> debate was about how much information to give the user in this case.
> Generally, for security reason you want to give a potential attacker
> as little information as possible as to why they cannot access the
> system. On the other hand, for user-friendliness, you might want to
> tell them to run enable-secure-admin to allow this operation.
>
> Tom
>
>
> On 5/4/2011 12:55 PM, Byron Nevins wrote:
>> Scenario:
>>
>> On MachineB --
>>
>> 1. asadmin delete-domain domain1
>> 2. asadmin create-domain --nopassword domain1
>> 3. asadmin start-domain domain1
>>
>>
>> On MachineA --
>>
>> 1. asadmin --host machineB deploy hello.war
>>
>> Result:
>>
>> *HTTP connection failed with code 403, message: Forbidden*
>>
>> ===============
>>
>> Which is fairly easily solved. But there is no hint at all for the
>> user on how to proceed. Should we give them a clue in the error message?
>>
>>
>> Oracle <http://www.oracle.com>
>> Byron Nevins | Principal MTS
>> Phone: +1 6503958992 <tel:+1%206503958992>
>>
>> Green Oracle <http://www.oracle.com/commitment> Oracle is committed
>> to developing practices and products that help protect the environment
--
Oracle <http://www.oracle.com>
Byron Nevins | Principal MTS
Phone: +1 6503958992 <tel:+1%206503958992>
Green Oracle <http://www.oracle.com/commitment> Oracle is committed to
developing practices and products that help protect the environment