Securing JMS communication varies based on the vendor. For information on securing JMS for the Oracle WebLogic Applilcation Server, see the following web sites:
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/client/basics.html#wp1071693
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13738/best_practice.htm#CACDDFJD
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13707/ssl.htm#i1200848
Caution: Never set the user name and password to the connection factory settings.Doing this gives any user with JNDI read-access, full access to all JMS destinations. It also increases the risk of exposure if the serializable connection factory contains the user name and password. The client, or the client context, should always provide the user name and password for authentication. Therefore, it is not necessary to supply those in the connection factory. |