tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mitch Claborn <>
Subject Clustering considerations - single server, multiple Tomcat instances - in the cloud
Date Mon, 17 Apr 2017 21:59:39 GMT
I'm trying to think through the security implications of this 
configuration: a single cloud server (Digital Ocean) with 2 Tomcat 8.5 
instances in a cluster, for session replication.

I can bind the Receiver element to, which I think should 
protect the actual session data from prying eyes. Is that accurate?

The multicast-based Membership element seems to be more of a risk. I 
really like the convenience of the mutlicast setup, but is that a 
security risk? Should I go with static membership instead?

I found this discussion of static membership,but it is a bit old.  Does 
anyone know of a more recent doc?

Are there other security considerations that I'm not thinking of?



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message