[ https://issues.apache.org/jira/browse/QPID-2541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866252#action_12866252 ]
Rajith Attapattu commented on QPID-2541: ---------------------------------------- Continuing the discussion from QPID-2539, I think there absolutely no value in a group mechanism that is not tied to authentication. Infact I think it's a security loophole that can be exploited. Also we need to be careful when adding features. Unless there is a demonstrable need for such changes we shouldn't be just adding features for the sake of it. This is not say that we shouldn't allow a pluggable group mechanism, but to stress the point that it's not useful if it's not tied to the authentication mechanism. > Separate Group an ACL configuration and make group sources pluggable > -------------------------------------------------------------------- > > Key: QPID-2541 > URL: https://issues.apache.org/jira/browse/QPID-2541 > Project: Qpid > Issue Type: Sub-task > Components: Java Broker > Reporter: Andrew Kennedy > Fix For: 0.7 > > -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:dev-subscr...@qpid.apache.org