Wow. That means any client who can get past node authentication on join can do anything they like on all caches, including all admin commands.
The node validation logic won't help at all - the join request may claim that a given security processor is used, but subsequent requests can perfectly be contructed client-side without going through client-side security. Unless I am missing something this sounds like a pretty serious issue. Franck -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/
