Re: Securing Tomcat cluster communication
On 10/6/2011 8:31 AM, Afkham Azeez wrote: I had a look at the Tribes code. Can somebody please explain how Channel.SEND_OPTIONS_SECURE works? not yet implemented :( From the JavaDoc: SEND_OPTIONS_SECURE - Message is sent over an encrypted channel How is this encrypted channel setup? How do we define the keys/keystores etc? On Thu, Oct 6, 2011 at 7:47 PM, Afkham Azeezafk...@gmail.com wrote: Hi folks, Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? Thanks Azeez - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat cluster communication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Afkham, On 10/6/11 10:17 AM, Afkham Azeez wrote: Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? You could use stunnel between all your boxes, but I'm not sure how that works with multicast. That would handle your authentication issues (use ssh authentication) as well as encryption of data across untrusted network segments. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7NGf0ACgkQ9CaO5/Lv0PB5+gCfZLJVWQIXX3tTWdLYvh8UVaUn VGUAn3kSVyErbrnSlDHb2ILz+HaA2F9g =ovVG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat cluster communication
On Wed, Nov 23, 2011 at 8:48 PM, Filip Hanik - Dev Lists devli...@hanik.com wrote: On 10/6/2011 8:31 AM, Afkham Azeez wrote: I had a look at the Tribes code. Can somebody please explain how Channel.SEND_OPTIONS_SECURE works? not yet implemented :( What is the proper way of implementing this if I was to do it? Implement an interceptor which will handle encryption/decryption? This is for Axis2 clustering which uses Tribes, so we could use the Tribes API. From the JavaDoc: SEND_OPTIONS_SECURE - Message is sent over an encrypted channel How is this encrypted channel setup? How do we define the keys/keystores etc? On Thu, Oct 6, 2011 at 7:47 PM, Afkham Azeezafk...@gmail.com wrote: Hi folks, Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? Thanks Azeez --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com, *Member; Apache Software Foundation; **http://www.apache.org/*http://www.apache.org/ * * *email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* * *
Re: Securing Tomcat cluster communication
Yes, that way you could encrypt your data packets and not worry about the wire protocol. the placement of the interceptor will be important, so that you don't encrypt packets you don't need to (like ping and failure detection) Filip On 11/23/2011 10:53 AM, Afkham Azeez wrote: On Wed, Nov 23, 2011 at 8:48 PM, Filip Hanik - Dev Listsdevli...@hanik.com wrote: On 10/6/2011 8:31 AM, Afkham Azeez wrote: I had a look at the Tribes code. Can somebody please explain how Channel.SEND_OPTIONS_SECURE works? not yet implemented :( What is the proper way of implementing this if I was to do it? Implement an interceptor which will handle encryption/decryption? This is for Axis2 clustering which uses Tribes, so we could use the Tribes API. From the JavaDoc: SEND_OPTIONS_SECURE - Message is sent over an encrypted channel How is this encrypted channel setup? How do we define the keys/keystores etc? On Thu, Oct 6, 2011 at 7:47 PM, Afkham Azeezafk...@gmail.com wrote: Hi folks, Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? Thanks Azeez --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat cluster communication
Thanks Filip. I will try to implement this contribute it back to Tomcat if that would be useful. Azeez On Thu, Nov 24, 2011 at 2:06 AM, Filip Hanik - Dev Lists devli...@hanik.com wrote: Yes, that way you could encrypt your data packets and not worry about the wire protocol. the placement of the interceptor will be important, so that you don't encrypt packets you don't need to (like ping and failure detection) Filip On 11/23/2011 10:53 AM, Afkham Azeez wrote: On Wed, Nov 23, 2011 at 8:48 PM, Filip Hanik - Dev Lists devli...@hanik.com wrote: On 10/6/2011 8:31 AM, Afkham Azeez wrote: I had a look at the Tribes code. Can somebody please explain how Channel.SEND_OPTIONS_SECURE works? not yet implemented :( What is the proper way of implementing this if I was to do it? Implement an interceptor which will handle encryption/decryption? This is for Axis2 clustering which uses Tribes, so we could use the Tribes API. From the JavaDoc: SEND_OPTIONS_SECURE - Message is sent over an encrypted channel How is this encrypted channel setup? How do we define the keys/keystores etc? On Thu, Oct 6, 2011 at 7:47 PM, Afkham Azeezafk...@gmail.com wrote: Hi folks, Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? Thanks Azeez --** --**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apa**che.orghttp://apache.org users-unsubscribe@**tomcat.apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com, *Member; Apache Software Foundation; **http://www.apache.org/*http://www.apache.org/ * * *email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* * *
Securing Tomcat cluster communication
Hi folks, Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? Thanks Azeez
AW: Securing Tomcat cluster communication
Hello, Please search for secret in http://tomcat.apache.org/connectors-doc/reference/workers.html Only requests from members with the same secret word will be acceped. Greetings Alexander -Ursprüngliche Nachricht- Von: Afkham Azeez [mailto:afk...@gmail.com] Gesendet: Donnerstag, 6. Oktober 2011 16:18 An: Tomcat Users List Betreff: Securing Tomcat cluster communication Hi folks, Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? Thanks Azeez smime.p7s Description: S/MIME cryptographic signature
Re: Securing Tomcat cluster communication
I had a look at the Tribes code. Can somebody please explain how Channel.SEND_OPTIONS_SECURE works? From the JavaDoc: SEND_OPTIONS_SECURE - Message is sent over an encrypted channel How is this encrypted channel setup? How do we define the keys/keystores etc? On Thu, Oct 6, 2011 at 7:47 PM, Afkham Azeez afk...@gmail.com wrote: Hi folks, Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? Thanks Azeez -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com, *Member; Apache Software Foundation; **http://www.apache.org/*http://www.apache.org/ * * *email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* * *
Re: Securing Tomcat cluster communication
Thanks Alexander. That would work for authentication. But how could we achieve confidentiality when it comes to the clustering messages (state replication etc)? On Thu, Oct 6, 2011 at 7:52 PM, Alexander Diedler adied...@tecracer.dewrote: Hello, Please search for secret in http://tomcat.apache.org/connectors-doc/reference/workers.html Only requests from members with the same secret word will be acceped. Greetings Alexander -Ursprüngliche Nachricht- Von: Afkham Azeez [mailto:afk...@gmail.com] Gesendet: Donnerstag, 6. Oktober 2011 16:18 An: Tomcat Users List Betreff: Securing Tomcat cluster communication Hi folks, Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? Thanks Azeez
Re: AW: Securing Tomcat cluster communication
A 'connector' is used between for example Apache httpd and Tomcat. It is not used between Tomcat nodes in a cluster. Ronald. Op donderdag, 6 oktober 2011 16:22 schreef Alexander Diedler adied...@tecracer.de: Hello, Please search for secret in http://tomcat.apache.org/connectors-doc/reference/workers.html Only requests from members with the same secret word will be acceped. Greetings Alexander -Ursprüngliche Nachricht- Von: Afkham Azeez [mailto:afk...@gmail.com] Gesendet: Donnerstag, 6. Oktober 2011 16:18 An: Tomcat Users List Betreff: Securing Tomcat cluster communication Hi folks, Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? Thanks Azeez
Re: AW: Securing Tomcat cluster communication
Correct. What we have between nodes in a cluster is a channel. My questions are related to securing this channel. On Thu, Oct 6, 2011 at 8:17 PM, Ronald Klop (Mailing List) ronald-mailingl...@base.nl wrote: A 'connector' is used between for example Apache httpd and Tomcat. It is not used between Tomcat nodes in a cluster. Ronald. Op donderdag, 6 oktober 2011 16:22 schreef Alexander Diedler adied...@tecracer.de: Hello, Please search for secret in http://tomcat.apache.org/**connectors-doc/reference/**workers.htmlhttp://tomcat.apache.org/connectors-doc/reference/workers.html Only requests from members with the same secret word will be acceped. Greetings Alexander -Ursprüngliche Nachricht- Von: Afkham Azeez [mailto:afk...@gmail.com] Gesendet: Donnerstag, 6. Oktober 2011 16:18 An: Tomcat Users List Betreff: Securing Tomcat cluster communication Hi folks, Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? Thanks Azeez
Re: Securing Tomcat cluster communication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Azeez, On 10/6/2011 10:17 AM, Afkham Azeez wrote: Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? You could always use stunnel. I'm currently piloting that for a multi-node cluster with a pair of httpd instances for load-balancing. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6N+MoACgkQ9CaO5/Lv0PA4ggCfRxzweAyWHtEzLOE30nv//wtD zQUAn3gxOpc9WRDpnRTkNXecGtqKKHG4 =fOAu -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org