[
https://issues.apache.org/jira/browse/QPID-2541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866252#action_12866252
]
Rajith Attapattu commented on QPID-2541:
----------------------------------------
Continuing the discussion from QPID-2539,
I think there absolutely no value in a group mechanism that is not tied to
authentication.
Infact I think it's a security loophole that can be exploited.
Also we need to be careful when adding features.
Unless there is a demonstrable need for such changes we shouldn't be just
adding features for the sake of it.
This is not say that we shouldn't allow a pluggable group mechanism, but to
stress the point that it's not useful if it's not tied to the authentication
mechanism.
> Separate Group an ACL configuration and make group sources pluggable
> --------------------------------------------------------------------
>
> Key: QPID-2541
> URL: https://issues.apache.org/jira/browse/QPID-2541
> Project: Qpid
> Issue Type: Sub-task
> Components: Java Broker
> Reporter: Andrew Kennedy
> Fix For: 0.7
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscr...@qpid.apache.org
