project_key: SOA

Out of the box jUDDI should not be used for production

Description of problem:
The out-of-the-box registry is insecure - it can be inspected by anyone. This is a known condition: the out-of-the-box UDDI registry is based on Apache jUDDI and Scout. We do not recommend people to use jUDDI (in production) just as we do not recommend people to use HSQLDB in production. This needs to be made clear in the SOA-P docs.

Also - the index.html file (server/*/deploy/juddi-service.sar/juddi.war/index.html) - http://hostname:8080/juddi/ displays this text:

===========================
Welcome to JBoss JUDDI
This webapp accepts POST requests to:
/inquiry
/publish
===========================

I'd recommend removing this text - it just makes it more obvious.

Version-Release number of selected component (IR or RC #, component ver):
soa-4.2.0-IR7.0.zip
standalone-soa-4.2.0-IR7.0.zip

How reproducible:
100%

Steps to Reproduce:
1. Start up the server - access juddi

Actual results:
Registry can be inspected.

Expected results:

Additional info: (e.g., stack trace)

Attachments (e.g., server log)

Closing this JIRA per the discussion at the Dec 11 SOA-P meeting.