OK, this is correct! Sorry, but I also think that we must have a
secretKey and a restricted IP list to register inside the cluster. I
want to implement this inside the next release. But currently the
cluster messages are not encrypted, and when clients can connect to
your network you are in trouble. At secure production sites the
replication and membership traffic is sent over separate network cards
and switches.
Thanks
Peter
ryan boyd wrote:
When using tomcat clusters on an untrusted subnet or using a routable
multicast address, I see the potential for a rogue tomcat instance to
join a cluster in order to hijack session information. This doesn't
seem to be cured by any firewalling of incoming connections to the
valid servers, as, from what I have read, the valid servers will do a
unicast connect to the rogue server on the address/port specified by the
rogue server's multicast transmission and will transfer session data
to it.
If this is incorrect, I'd be grateful for an explanation. If this is
correct, is there any way to restrict autodiscovery of cluster
membership to a known list of IPs or disable auto discovery
altogether?
Thanks,
Ryan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]