When deploying web dynpro's to the WAS from NWDS, I'm prompted for a password.
However, if I restart or stop the server from NWDS, I'm <b>not</b> prompted for a password.
So if I obtain the url of any production server that has a J2EE engine running, an I set it up in my preferences, I can stop/start it at will.
Isn't that undesirable from a security point of view? Did we misconfigure something?