Bug 777676 (SOA-188) - Out of the box jUDDI should not be used for production
Summary: Out of the box jUDDI should not be used for production
Keywords:
Status: CLOSED NEXTRELEASE
Alias: SOA-188
Product: JBoss Enterprise SOA Platform 4
Classification: JBoss
Component: Documentation
Version: 4.2 IR7
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.2 CR3
Assignee: Joshua Wulf
QA Contact:
URL: http://jira.jboss.org/jira/browse/SOA...
Whiteboard:
Depends On:
Blocks:
Reported: 2007-11-28 18:32 UTC by Len DiMaggio
Modified: 2014-10-19 22:59 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-12-12 15:20:30 UTC
Type: Bug

Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker SOA-188 0 None None None Never

Description Len DiMaggio 2007-11-28 18:32:35 UTC
project_key: SOA

Out of the box jUDDI should not be used for production

Description of problem:

The out-of-the-box registry is insecure - it can be inspected by anyone. This is a known condition: the out-of-the-box UDDI registry is based on Apache jUDDI and Scout. We do not recommend that people use jUDDI (in production), just as we do not recommend that people use HSQLDB in production.

This needs to be made clear in the SOA-P docs.

Also - the index.html file (server/*/deploy/juddi-service.sar/juddi.war/index.html) - http://hostname:8080/juddi/ displays this text:

===========================
Welcome to JBoss JUDDI
This webapp accepts POST requests to:
/inquiry
/publish
===========================

I'd recommend removing this text - it just makes it more obvious.

Version-Release number of selected component (IR or RC #, component ver)
soa-4.2.0-IR7.0.zip
standalone-soa-4.2.0-IR7.0.zip

How reproducible:
100%

Steps to Reproduce:
1. Start up the server - access juddi

Actual results:
Registry can be inspected.

Expected results:

Additional info: (e.g., stack trace)

Attachments (e.g., server log)
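
An offline audit for the condition reported above, as an added example that is not part of the original bug report or the product: it walks an install tree and reports every server configuration that still deploys the bundled jUDDI and whether its index.html advertises the endpoints. The deploy path and endpoint names come from the report; the function names and the sample directory layout are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Path components and endpoint names are taken from the bug report.
JUDDI_SAR = "juddi-service.sar"
WELCOME_PAGE = Path("juddi.war") / "index.html"
ADVERTISED = ("/inquiry", "/publish")


def audit_juddi(install_root):
    """Return one finding per server configuration that deploys the bundled jUDDI."""
    findings = []
    pattern = f"server/*/deploy/{JUDDI_SAR}"
    for sar in sorted(Path(install_root).glob(pattern)):
        page = sar / WELCOME_PAGE
        # A missing welcome page still leaves the registry deployed, so report both.
        text = page.read_text(errors="replace") if page.is_file() else ""
        findings.append({
            "config": sar.parent.parent.name,  # server/<config>/deploy/...
            "juddi_deployed": True,
            "welcome_page": page.is_file(),
            "advertised_endpoints": [e for e in ADVERTISED if e in text],
        })
    return findings


def build_sample_install(root):
    """Constructed sample tree: 'default' ships jUDDI, 'production' has it removed."""
    page = Path(root) / "server/default/deploy" / JUDDI_SAR / WELCOME_PAGE
    page.parent.mkdir(parents=True)
    page.write_text(
        "Welcome to JBoss JUDDI\n"
        "This webapp accepts POST requests to:\n/inquiry\n/publish\n"
    )
    (Path(root) / "server/production/deploy").mkdir(parents=True)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_juddi(build_sample_install(tmp)):
            print(finding)
```

An empty result means no server configuration under the given root deploys the bundled registry; a finding with `welcome_page` false still means the registry itself is present.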

Comment 1 Len DiMaggio 2007-12-12 15:20:30 UTC
Closing this JIRA per the discussion at the Dec 11 SOA-P meeting.

