[
https://issues.apache.org/jira/browse/TS-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13875898#comment-13875898
]
Igor Galić commented on TS-766:
-------------------------------
I suggest to move this out until we have the Clustering protocol fixed up to a
reasonable extent. IMO the protocol is broken, and if we want authentication we
can do it over TLS — even if we stay on UDP, we can (DTLS).
> Authenticate access to cluster command port
> -------------------------------------------
>
> Key: TS-766
> URL: https://issues.apache.org/jira/browse/TS-766
> Project: Traffic Server
> Issue Type: Improvement
> Components: Clustering, Network
> Affects Versions: 2.1.8
> Reporter: Arno Toell
> Labels: security
> Fix For: 6.0.0
>
>
> Similar to TS-765, the cluster RPC interface should not be reachable by
> everyone. Instead some kind of peer authentication should apply. When
> clustering is enabled, please authenticate and/or restrict access to the RPC
> interface in a way only trusted peers are allowed to control the server.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
