2 Replies Latest reply on May 17, 2013 8:58 AM by Tristan Tarrant

    Infinispan's jGroups AUTH

    tomas11 Novice

      Hi

       

      I've got couple of questions regarding AUTH protocol that is used in Infinispan's jGroups.

       

      - Is jGroups AUTH protocol using secure (https?) connection for exchanging auth tokens?

       

      - How secure is using AUTH protocol in Infinispan's configuration? I've found that it can be vulnerable to replay attacks - https://issues.jboss.org/browse/JGRP-1487

       

      - How big issuse it is? How we can prevent unauthenticated members to join the cluster and still be on safe side with replay attacks?

       

      - Are there any other standard ways to secure authentication in Infinispan?

       

      Can someone help me with this?

      Thanks