ignite-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From franck102 <franck...@yahoo.com>
Subject Re: Security question
Date Fri, 13 Oct 2017 10:56:08 GMT
Wow. That means any client who can get past node authentication on join can
do anything they like on all caches, including all admin commands.

The node validation logic won't help at all - the join request may claim
that a given security processor is used, but subsequent requests can
perfectly be contructed client-side without going through client-side

Unless I am missing something this sounds like a pretty serious issue.


Sent from: http://apache-ignite-users.70518.x6.nabble.com/

View raw message