2 Replies Latest reply on Nov 9, 2010 10:29 AM by kurtstam

    GuestCredentials, is this a good use case for them?

    kurtstam
    kurtstam Nov 9, 2010 9:51 AM

      Hi guys,

       

      I have some background interaction from my WebApp to MS. I'm using the user 'admin' for this at the moment and I have been reading: chapter 9. Would it make sense to use the GuestCredentials for this sort of background user stuff? I mean this user is unrelated to the user that logs into my app, and I don't really want to store a password for this user in my app.

       

      Thx,

       

      --Kurt

      • 3166 Views
      • Tags:
        • 1. Re: GuestCredentials, is this a good use case for them?
          bcarothers
          bcarothers Nov 9, 2010 10:18 AM (in response to kurtstam)

          Depending on your security needs, that might work.

           

          As long as you don't add the "connect" role to your anonymous access credentials, then remote users still wouldn't be able to get REST or WebDAV access to your server.  However, any other application running on the same app server that could access your repository (e.g., through JNDI) _could_ take advantage of that anonymous access.

            • Actions
          • 2. Re: GuestCredentials, is this a good use case for them?
            kurtstam
            kurtstam Nov 9, 2010 10:29 AM (in response to bcarothers)

            Thx Brian,

             

            Actually I know the code paths for these 'background' users. So when I go to create a jcr session I can use GuestCredentials for them only. So if you try to connect any other way you would never get there, and you sure would need a valid username/pw. I just want to make sure I'm not relying on 'demo-code' here (as the docs suggest), and that every JCR implementation will honor this behavior.

             

            --Kurt

              • Actions