Bug 777676 (SOA-188)

Summary: Out of the box jUDDI should not be used for production
Product: [JBoss] JBoss Enterprise SOA Platform 4 Reporter: Len DiMaggio <ldimaggi>
Component: DocumentationAssignee: Joshua Wulf <jwulf>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 4.2 IR7CC: lcarlon
Target Milestone: ---   
Target Release: 4.2 CR3   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/SOA-188
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-12-12 15:20:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Len DiMaggio 2007-11-28 18:32:35 UTC 
project_key: SOA

Out of the box jUDDI should not be used for production

Description of problem:

The out-of-the-box registry is insecure - it can inspected by anyone. This is a known condition the out of the box UDDI registry is based on Apache jUDDI and Scout. We do not recommend people to use jUDDI (in production) just as we do not recommend people to use HSQLDB in production.

This needs to be be made clear in the SOA-P docs. 

Also - the index.html file (server/*/deploy/juddi-service.sar/juddi.war/index.html) - http://hostname:8080/juddi/ displays this text:

===========================
Welcome to JBoss JUDDI
This webapp accepts POST requests to:
/inquiry
/publish
===========================

I'd recommend removing this text - it just makes it more obvious.

Version-Release number of selected component (IR or RC #, component ver)
soa-4.2.0-IR7.0.zip
standalone-soa-4.2.0-IR7.0.zip

How reproducible:
100%

Steps to Reproduce:
1. Startup the server - access juddi

Actual results:
Registry can be inspected.

Expected results:

Additional info: (e.g., stack trace)

Attachments (e.g., server log)
Comment 1 Len DiMaggio 2007-12-12 15:20:30 UTC 
Closing this JIRA per the discussion at the Dec 11 SOA-P meeting.