users@javaee-spec.java.net

[javaee-spec users] [jsr342-experts] Re: Improved Credential and SSL Configuration for EE 7

From: Jason T. Greene <jason.greene_at_redhat.com>
Date: Fri, 09 Mar 2012 14:54:17 -0600

On 3/9/12 2:25 PM, Bill Shannon wrote:
> hat this file needs to be kept safe.
>
> If people feel that it would be both more secure and sufficiently
> convenient to provide this information in a bundle separate from
> the application, we could consider that. We already have the ability
> to provide deployment descriptors separately from the application so
> we could enhance that mechanism to support this use case as well.
> We would have to define whether updating this information without
> changing the application bundle is equivalent to redeployment (which
> in the worst case it seems like it would be), or whether there would
> be requirements on what you're allowed to change while the application
> is running, and when the application is required to see those changes.

OK I'm going to discuss this with some of our internal security experts,
and get their opinion on the original proposal and get back to you.

-- 
Jason T. Greene
JBoss AS Lead / EAP Platform Architect
JBoss, a division of Red Hat