I'm trying to think through the security implications of this
configuration: a single cloud server (Digital Ocean) with 2 Tomcat 8.5
instances in a cluster, for session replication.

I can bind the Receiver element to 127.0.0.1, which I think should
protect the actual session data from prying eyes. Is that accurate?

The multicast-based Membership element seems to be more of a risk. I
really like the convenience of the multicast setup, but is that a
security risk? Should I go with static membership instead?

I found this discussion of static membership, but it is a bit old. Does
anyone know of a more recent doc?
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2009794

Are there other security considerations that I'm not thinking of?
--
Mitch
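
An added example, not part of the original post: a small Python check that reads a Tomcat <Cluster> fragment and reports the two settings the post asks about, namely which address the Receiver binds to and whether membership is multicast (McastService) or static (StaticMembershipInterceptor). The sample XML, its ports and addresses, and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: a <Cluster> fragment of the kind the post describes
# (Receiver on loopback, multicast Membership). Addresses/ports are sample values.
SAMPLE_CLUSTER = """
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
  <Channel className="org.apache.catalina.tribes.group.GroupChannel">
    <Membership className="org.apache.catalina.tribes.membership.McastService"
                address="228.0.0.4" port="45564"/>
    <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"
              address="127.0.0.1" port="4000"/>
  </Channel>
</Cluster>
"""

def is_loopback(addr):
    """True only for literal loopback IPs; 'auto' and hostnames are not provable."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit_cluster(xml_text):
    """Return (element, finding) tuples for a Tomcat <Cluster> fragment."""
    root = ET.fromstring(xml_text)
    findings = []
    for rx in root.iter("Receiver"):
        addr = rx.get("address", "auto")  # Tomcat's documented default is "auto"
        if is_loopback(addr):
            findings.append(("Receiver", f"bound to loopback {addr}"))
        else:
            findings.append(("Receiver", f"address {addr!r} is not a loopback address"))
    for m in root.iter("Membership"):
        if m.get("className", "").endswith("McastService"):
            target = f"{m.get('address')}:{m.get('port')}"
            findings.append(("Membership", f"multicast heartbeats on {target}"))
    for ic in root.iter("Interceptor"):
        if not ic.get("className", "").endswith("StaticMembershipInterceptor"):
            continue
        for peer in ic.iter("Member"):  # one <Member> per statically listed peer
            host = peer.get("host", "")
            note = "" if is_loopback(host) else " (not loopback)"
            findings.append(("Member", f"static peer {host}:{peer.get('port')}{note}"))
    return findings

if __name__ == "__main__":
    for element, finding in audit_cluster(SAMPLE_CLUSTER):
        print(f"{element}: {finding}")
```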