On Sep 15, 2004, at 7:11 AM, Ken Horn wrote:
Quick question on remote JNDI access.
Does the java: provider below one provide remote access -- ie j2ee client app?
For security reasons, we want to be able to bind some/all resources for a given app into a jndi tree (by any reasonable means: subtree / provider / naming convention) that cannot be accessed outside of the cluster. This will stop users who can authenticate to the container, being able to write a client app, to pull (for example) a database connection out of jndi and bypass business rules to hit the db directly.
Ken,
I don't see how a remote client would be able to "pull" a database connection from jndi, since database connection is not serializable.
As for the meat of your question, I personally don't know the answer.
-dain
