You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Madhav Bhargava <un...@gmail.com> on 2012/05/01 00:16:00 UTC

Signing and Encrypting messages using Apache tribes

Hi All,

We use apache tribes for inter node communication via multicast. For
securing inter node communication two things are required:

1. Establishing the identity of a node as valid who is sending the message
2. Encrypting selective messages which are sensitive in nature.

This topic was raised some time back (
http://tomcat.10.n6.nabble.com/Securing-Tomcat-cluster-communication-td1973779.html
 )

It is recommended that encryption/decryption of messages be done using a
custom interceptor or using a stunnel, the former approach being the
preferred approach. It has also being mentioned that the option
SEND_OPTIONS_SECURE has not been implemented. This was in 2011, how its
2012 - Has this been implemented now?

What do you suggest is the best way using tribes to sign messages - via
another interceptor or by just using the secret keyword as per
http://tomcat.apache.org/connectors-doc/reference/workers.html

best regards,
madhav



-- 
When I tell the truth, it is not for the sake of convincing those who do
not know it, but for the sake of defending those that do

RE: Signing and Encrypting messages using Apache tribes

Posted by "Filip Hanik (mailing lists)" <de...@hanik.com>.


> -----Original Message-----
> From: Madhav Bhargava [mailto:unmarshall@gmail.com]
> Sent: Monday, April 30, 2012 4:16 PM
> To: users@tomcat.apache.org
> Subject: Signing and Encrypting messages using Apache tribes
> 
> Hi All,
> 
> We use apache tribes for inter node communication via multicast. For
> securing inter node communication two things are required:
> 
> 1. Establishing the identity of a node as valid who is sending the
> message
> 2. Encrypting selective messages which are sensitive in nature.
> 
> This topic was raised some time back (
> http://tomcat.10.n6.nabble.com/Securing-Tomcat-cluster-communication-
> td1973779.html
>  )
> 
> It is recommended that encryption/decryption of messages be done using a
> custom interceptor or using a stunnel, the former approach being the
> preferred approach. 
[Filip Hanik] 
Correct, using an interceptor you can do that. That is the easiest way. You can also use it for membership as membership messages carry a payload.

It has also being mentioned that the option
> SEND_OPTIONS_SECURE has not been implemented. This was in 2011, how its
> 2012 - Has this been implemented now?
[Filip Hanik]
No.
 
> 
> What do you suggest is the best way using tribes to sign messages - via
> another interceptor 
[Filip Hanik] 
Yes, use an interceptor


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org