2019年2月12日(火) 1:44 Christopher Schultz <ch...@christopherschultz.net>:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Mark, > > On 2/11/19 03:49, Mark Thomas wrote: > > On 10/02/2019 14:37, Christopher Schultz wrote: > >> All, > >> > >> I'm looking at the security of Tomcat's Clustering components, > >> and I think that the following are true. Please let me know if > >> anything in here is inaccurate: > >> > >> 1. a. Default membership uses multicast b. Multicast (UDP) can't > >> be authenticated c. Therefore multicast membership cannot be > >> secured on its own d. ... unless you use the "domain" attribute > >> as a kind of "password" to get into a segment of the cluster > >> > >> 2. a. Static membership enumerates all members of the cluster on > >> all nod es b. Therefore, joining a malicious node to the cluster > >> is unlikely > >> > >> 3. a. Adding EncryptInterceptor encrypts i. TcpFailureDetector > >> traffic ii. All actual content traffic b. Therefore, adding > >> EncryptInterceptor effectively secures the cluster, even if the > >> membership cannot be completely locked-down > > > > Nothing jumps out at me as wrong. > > > > Also, I'd expect to see a bunch of errors at the valid nodes when > > they failed to decrypt messages from the invalid nodes. That should > > provide a clear indication that something unexpected was going on. > > Yep, that's detection, though... not prevention. > > Thanks for the review. > > A follow-up to 1d above... if I try to (maliciously) join a cluster > which has been separated into domains whose identities I do not know, > I just end up in a (potentially unnamed) domain all by myself, right? > So I'm a "member" of the cluster, but I can't meaningfully interact > with any of the other legitimate members? > > If DomainFilterInterceptor has been enabled in cluster, you can't interact with any of the other legitimate members. > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxhpngACgkQHPApP6U8 > pFgh/A/9HCmE9xBbfLKPq7gcjsPWJlvX3zd2RomvLT0Psr+XvVwja2sd4o20enNg > 68+NB60AgKq2YVa4h5vQvn3/EPOaqWLSsR/j6EvHNwnko27STg8PGpNdpGCbnrE0 > EcAOxVOI3BjP2m7o8dW/uALwXaFRFJK0Ijpk6IdkMORSxr6cScoEXodHzjs/x1M+ > rM/laF0tQ19W58J6bGmHw92mYFZ2aho2qhQKH6J/N4WnR5lBlrb3rwuTZgpLomxO > EO2BRwPmonGsYfRG74+4jMsV9dZnlWplRrgPbbCCgOYC0nhdTNRXkXBeUfhd9m3h > BRPkG+DbpysVC+6nyTqOpMJy7iGaY/cRyEJK8T5cvnQIF5ByjbXMR92qVaLCRkzA > al+nRZA2GG56kWBc5vWhRg0++P7CXPKZmMe2IvUGYyBsuVBDCMTydymiA3Q8mvcc > 1pV3n+or7yXQjfN1Ak/DdBAnPcI2ykwA1LJazuPOfAk6cyZy1ebBHYwPGAHDBFKz > hXiL/3rmjG8E3+hK3nbJ22xhTmnAh5/B2V+pkRf6gCk3TbcsPDgc5K++1yri56EQ > 4t4bGwmv3hRgy6EYpfiVZfXwLl3J/eThYeXdzbmt0eY4bDVmHxcrBxUf3yanYiY2 > zFh6q7CLyjgqYuaV1QLYzP17fAWdSY+xtATNANdvYquqxREQV5o= > =x0Xw > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Keiichi.Fujino