ignite-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vdpyatkov <vldpyat...@gmail.com>
Subject Re: Veracode identifies Insufficient Entropy issue in Apache Ignite Classes
Date Tue, 25 Apr 2017 09:08:19 GMT


Why you not to use SSL/TLS configuration[1]?
In this case all nodes (including visorcmd) will be communicate through a
security socket.


In my point of view, those places (which was be in the report) do not
relevant to security. This is internal usage of standard platform random
algorithm, not a security layer.

If you want to encode traffic between nodes, you can use SSL/TLS[1] with
your own privet key.

For the implementation of authorization plugin we always use third party
system like as LDAP through JAAS. Look at how to do it in GridGain auth

[1]: https://apacheignite.readme.io/docs/ssltls
[2]: http://docs.gridgain.com/docs/security-and-audit

View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Veracode-identifies-Insufficient-Entropy-issue-in-Apache-Ignite-Classes-tp12159p12224.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.

View raw message