dev@glassfish.java.net

Requiring admin password for remote administration

From: Joe Di Pol <joe.dipol_at_oracle.com>
Date: Wed, 02 Nov 2011 16:04:31 -0700

For 3.1.2 we are planning some changes where GlassFish will become
more diligent about requiring an admin password to be set when
remote administration is enabled (as done by the enable-secure-admin
command). This e-mail is to give you a heads-up that the change is
coming.

In 3.1[.1] the default GlassFish installation has remote administration
disabled and no admin password configured (unless you choose to
configure one). So by default you can administer GlassFish only
from the system it is installed on, but you can do so without an
admin password.

We are not changing that behavior.

The problem is you can later turn on remote administration (using
enable-secure-admin) without having an admin password set. This is
the behavior we plan on changing.

The plan is to modify enable-secure-admin and change-admin-password
(and create-file-user/update-file-user) so that you are required to
have an admin password set if you have remote administration enabled.
For example, enable-secure-admin will fail if you have no admin password
set. You will need to set an admin password before running
enable-secure-admin.

Let me know if you have any questions or concerns.

Joe