2 Replies Latest reply on May 17, 2013 8:58 AM by Tristan Tarrant

    Infinispan's jGroups AUTH

    tomas11 Novice



      I've got couple of questions regarding AUTH protocol that is used in Infinispan's jGroups.


      - Is jGroups AUTH protocol using secure (https?) connection for exchanging auth tokens?


      - How secure is using AUTH protocol in Infinispan's configuration? I've found that it can be vulnerable to replay attacks - https://issues.jboss.org/browse/JGRP-1487


      - How big issuse it is? How we can prevent unauthenticated members to join the cluster and still be on safe side with replay attacks?


      - Are there any other standard ways to secure authentication in Infinispan?


      Can someone help me with this?