activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From huntc <hu...@mac.com>
Subject Re: SSL authorisation using a client's subject DN for JNDI
Date Thu, 12 Mar 2009 22:48:53 GMT


djencks wrote:
> 
> 
> This looks to me like it will work but I don't understand why it would  
> be more secure than having an activemq ldap user password on disk  
> somewhere.
> 

I think that there is key difference between attempting to lock down ldap
access and permitting anonymous access to a branch of the ldap store. With
the latter one is recognising that there is a branch of the ldap store that
contains non-sensitive information. 

So then the question becomes: is it going to be a security issue knowing
which subject DNs belong to the activemq groups? 

Looking at it another way: is having public access to activemq group member
information any more insecure than browsing your /etc/group file for a list
of unix user members? :-)

Thanks again for the dialogue.

Kind regards,
Christopher
-- 
View this message in context: http://www.nabble.com/SSL-authorisation-using-a-client%27s-subject-DN-for-JNDI-tp22470806p22486792.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message