On 10/02/2019 14:37, Christopher Schultz wrote: > All, > > I'm looking at the security of Tomcat's Clustering components, and I > think that the following are true. Please let me know if anything in > here is inaccurate: > > 1. a. Default membership uses multicast > b. Multicast (UDP) can't be authenticated > c. Therefore multicast membership cannot be secured on its own > d. ... unless you use the "domain" attribute as a kind of > "password" to get into a segment of the cluster > > 2. a. Static membership enumerates all members of the cluster on all nod > es > b. Therefore, joining a malicious node to the cluster is unlikely > > 3. a. Adding EncryptInterceptor encrypts > i. TcpFailureDetector traffic > ii. All actual content traffic > b. Therefore, adding EncryptInterceptor effectively secures the > cluster, even if the membership cannot be completely locked-down
Nothing jumps out at me as wrong. Also, I'd expect to see a bunch of errors at the valid nodes when they failed to decrypt messages from the invalid nodes. That should provide a clear indication that something unexpected was going on. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org