rick_tem, Why you not to use SSL/TLS configuration[1]? In this case all nodes (including visorcmd) will be communicate through a security socket.
jackbaru, In my point of view, those places (which was be in the report) do not relevant to security. This is internal usage of standard platform random algorithm, not a security layer. If you want to encode traffic between nodes, you can use SSL/TLS[1] with your own privet key. For the implementation of authorization plugin we always use third party system like as LDAP through JAAS. Look at how to do it in GridGain auth plugin[2]. [1]: https://apacheignite.readme.io/docs/ssltls [2]: http://docs.gridgain.com/docs/security-and-audit -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Veracode-identifies-Insufficient-Entropy-issue-in-Apache-Ignite-Classes-tp12159p12224.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
