On 29 June 2016 at 14:11, Gordon Sim <[email protected]> wrote: > On 29/06/16 13:43, Robbie Gemmell wrote: >> >> I did it that way as a way of showing folks how to do authentication >> when creating the connection from the factory. > > > Which is indeed valuable. > >> I personally dislike >> examples using ANONYMOUS, though I can see the appeal that it avoids >> particular credentials, and may be easier out the box for certain >> servers. There are of course also other servers out there that dont do >> ANONYMOUS by default / especially obviously / at all. > > > Personally I think for servers, having anonymous enabled by default is safer > than having a predefined guest user. However... >
I see them as equally poor in terms of end state security, but the latter at least requires using the functionality needed to authenticate once you change the credentials. Obviously both require you to take certain [different] steps to prevent default access. >> Not sure there is a good answer... > > > What about (a) mentioning the issue in the README (alongside the fact that a > queue named 'queue; is expected) and (b) taking the username and password > from system properties, env vars or command line args (e.g. see attached for > the helloworld example). > > That way the user sees the problem coming, but can also easily supply the > necessary credentials without having to edit the source. (Not that doing so > is arduous, but it makes running things one small step easier). > I think that seems reasonable. > I admit I'm coming from an atypical pov, which is more in using the examples > to do basic tests between different components. > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
