-
1. Re: GuestCredentials, is this a good use case for them?
bcarothers Nov 9, 2010 10:18 AM (in response to kurtstam)Depending on your security needs, that might work.
As long as you don't add the "connect" role to your anonymous access credentials, then remote users still wouldn't be able to get REST or WebDAV access to your server. However, any other application running on the same app server that could access your repository (e.g., through JNDI) _could_ take advantage of that anonymous access.
-
2. Re: GuestCredentials, is this a good use case for them?
kurtstam Nov 9, 2010 10:29 AM (in response to bcarothers)Thx Brian,
Actually I know the code paths for these 'background' users. So when I go to create a jcr session I can use GuestCredentials for them only. So if you try to connect any other way you would never get there, and you sure would need a valid username/pw. I just want to make sure I'm not relying on 'demo-code' here (as the docs suggest), and that every JCR implementation will honor this behavior.
--Kurt