1 Reply Latest reply on Feb 7, 2005 7:38 AM by Bela Ban

    TreeCache Security

    Ralf Siedow Newbie

      Hello,

      we are using multiple tree cache instances which successfully connect to each other. If I want to prevent that I will use different cluster names.

      I've read the FAQ and the TreeCache HTML documentation and still have some questions unanswered:
      - TreeCaches use multicast to announce themselves to each other, right?
      - Do TreeCaches use multicast or unicast to replicate state?
      - Currently I didn't find any mechanism to define a common passphrase that is needed together with the cluster name so that only authorized caches can connect to each other. Are there any plans to do this?
      - How can I configure my cache so that it is only possible for two IP addresses to share information and they don't offer their content to "malicious" hosts?

      Thanks,
      Ralf

        • 1. Re: TreeCache Security
          Bela Ban Master

           

          "ralf.siedow" wrote:
          Hello,

          we are using multiple tree cache instances which successfully connect to each other. If I want to prevent that I will use different cluster names.

          I've read the FAQ and the TreeCache HTML documentation and still have some questions unanswered:
          - TreeCaches use multicast to announce themselves to each other, right?


          Not necessarily, this depends on the configuration of the JGroups reliable transport.


          - Do TreeCaches use multicast or unicast to replicate state?


          'Multi-point'. Multicast or multiple TCP connections, depending on the JGroups config.


          - Currently I didn't find any mechanism to define a common passphrase that is needed together with the cluster name so that only authorized caches can connect to each other. Are there any plans to do this?


          This can be done on the JGroups level. Read JGroups/doc/ENCRYPT.html for an explanation of how to do this.


          - How can I configure my cache so that it is only possible for two IP addresses to share information and they don't offer their content to "malicious"


          Use a different
          1: partition name
          2: multicast address
          3: multicast port

          You can AND or OR these together.
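
The settings named in the reply above, put together as an added configuration sketch that is not part of either post: a JBossCache 1.x TreeCache service fragment with its own partition name, multicast address and port, plus the JGroups ENCRYPT protocol in shared-keystore mode. The cluster name, address, port, keystore file, alias and password are constructed placeholders, and the position of ENCRYPT in the stack is an assumption to check against JGroups/doc/ENCRYPT.html for your JGroups version.

```xml
<!-- Added example, not from the thread. All values below are constructed. -->

<!-- 1: partition name. Only caches configured with the same name form a group. -->
<attribute name="ClusterName">Billing-TreeCache</attribute>

<attribute name="ClusterConfig">
  <config>
    <!-- 2 and 3: multicast address and port, chosen to differ from other clusters.
         A low ip_ttl keeps the multicast traffic from crossing many router hops. -->
    <UDP mcast_addr="228.10.20.30" mcast_port="45599" ip_ttl="2"/>
    <PING timeout="2000" num_initial_members="3"/>
    <MERGE2 min_interval="10000" max_interval="20000"/>
    <FD timeout="2500" max_tries="5" shun="true"/>
    <VERIFY_SUSPECT timeout="1500"/>

    <!-- Shared-keystore mode: every authorized member is given the same keystore
         file holding the symmetric key under the alias below.
         Placement just below NAKACK is an assumption (see ENCRYPT.html). -->
    <ENCRYPT key_store_name="cache-cluster.keystore"
             store_password="CHANGE_ME"
             alias="cacheKey"/>

    <pbcast.NAKACK gc_lag="50" retransmit_timeout="600,1200,2400,4800"/>
    <UNICAST timeout="600,1200,2400"/>
    <pbcast.STABLE desired_avg_gossip="20000"/>
    <FRAG frag_size="8192"/>
    <pbcast.GMS join_timeout="5000" join_retry_timeout="2000"
                shun="true" print_local_addr="true"/>
    <pbcast.STATE_TRANSFER/>
  </config>
</attribute>
```

In this mode the keystore acts as the common secret asked about in the question, so the file and its password need the same access restrictions as any other credential on the cache hosts.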