I have a question regarding securing JBoss Messaging. Is it enough to secure the naming provider aka initial context factory? In this scenario the credentials would be provided in the properties java.naming.security.principal and java.naming.security.credentials passed to the initial context factory. The other scenario is securing the Queue/Topic connection factory and providing the credentials in e.g. createQueueConnection(java.lang.String userName, java.lang.String password).
In my opinion the second option is more secure. I think it might be possible to get a connection without using JNDI. Am I correct?