activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From huntc <>
Subject Re: SSL authorisation using a client's subject DN for JNDI
Date Thu, 12 Mar 2009 22:48:53 GMT

djencks wrote:
> This looks to me like it will work but I don't understand why it would  
> be more secure than having an activemq ldap user password on disk  
> somewhere.

I think that there is key difference between attempting to lock down ldap
access and permitting anonymous access to a branch of the ldap store. With
the latter one is recognising that there is a branch of the ldap store that
contains non-sensitive information. 

So then the question becomes: is it going to be a security issue knowing
which subject DNs belong to the activemq groups? 

Looking at it another way: is having public access to activemq group member
information any more insecure than browsing your /etc/group file for a list
of unix user members? :-)

Thanks again for the dialogue.

Kind regards,
View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message