Adam, While the existing Clustering CAS document is an excellent resource for those wishing to deploy multiple CAS instances, in certain instances it doesn't provide an appropriate level of detail on security risks.
I encourage you to add warnings where you believe appropriate, attempting to generalize them. For instance when configuring a TicketRegistry it may be appropriate to warn merely about the risks in deploying multiple CAS instances across a public network without encrypting (or using a secure channel to transmit) the data stored in the ticket registry. You also asked about the Tomcat Session replication. CAS by default stores nothing in session except the name of the service and any state information required by Spring Web Flow. However, it may be good to make a note that while CAS does not store any sensitive information in the Tomcat Session, one should take care in supplementing the CAS state with additional information of a sensitive nature if deploying Tomcat clustering across an untrusted network. Thanks! -Scott On 10/9/07, Adam Rybicki <[EMAIL PROTECTED]> wrote: > > All, > > I just read the security warning that Andrew added to this excellent > tutorial. I was thinking of adding one more warning like that, but in the > section that describes how to replicate the ticket registry using > JBossCache. That's because the instructions are about using multicast to > synchronize the ticket registries across the network. This is not likely to > be a problem for CAS clusters of servers sitting next to each other in the > same data center. However, if one of the goals of clustering is to achieve > high availability, which it often is, then implementers will consider > locating CAS cluster servers in different physical locations. In these > situations, additional care must me taken to assure that secure data does > not "leak" into the public network. > > This potential issue is not unique to using multicast. Using > database-based ticket registry could be subject to similar risks. Those > risks may be smaller, IMHO, but they exist. Using encryption when talking > to a database might be an option. > > Based on some other postings in this list, I think that CAS does not use > the HttpSession to store any secure information. This would mean that the > section of the tutorial titled "Tomcat Session Replication" may be fine even > though it also uses multicast. > > So, my question is: should I add that warning to the Clustering CAS > tutorial? > > Thanks, > > Adam > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
