jboss-jira November 2013

jboss-jira@lists.jboss.org

1 participants
1713 discussions

[JBoss JIRA] (JGRP-1722) Improve performance of ENCRYPT protocol

by Divya Mehra (JIRA)

[ https://issues.jboss.org/browse/JGRP-1722?page=com.atlassian.jira.plugin.... ] Divya Mehra updated JGRP-1722: ------------------------------ Labels: 620 (was: jdg620_dm jdg62GAblocker) > Improve performance of ENCRYPT protocol > --------------------------------------- > > Key: JGRP-1722 > URL: https://issues.jboss.org/browse/JGRP-1722 > Project: JGroups > Issue Type: Enhancement > Affects Versions: 3.4 > Reporter: Martin Gencur > Assignee: Bela Ban > Labels: 620 > Fix For: 3.5 > > > A stress tests with the following setup showed that performance (reads and writes/sec) is halved when ENCRYPT protocol is enabled: > Infinispan had distributed sync cache with 2 owners on 4 nodes, no transactions. The stress test used 10 threads on each node accessing 1024 byte entries, no conflicts on keys, 20 % writes, 80 % reads. > It would be great if we could improve the performance of ENCRYPT protocol. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 1 month

1
0
0 / 0

[JBoss JIRA] (JGRP-1487) AUTH: X509Token Authentication is vulnerable to replay attacks

by Divya Mehra (JIRA)

[ https://issues.jboss.org/browse/JGRP-1487?page=com.atlassian.jira.plugin.... ] Divya Mehra updated JGRP-1487: ------------------------------ Labels: 620 (was: jdg620_dm jdg62GAblocker) > AUTH: X509Token Authentication is vulnerable to replay attacks > -------------------------------------------------------------- > > Key: JGRP-1487 > URL: https://issues.jboss.org/browse/JGRP-1487 > Project: JGroups > Issue Type: Bug > Affects Versions: 3.0.9 > Reporter: sreenivas chinimilli > Assignee: Bela Ban > Labels: 620 > Fix For: 3.5 > > > In the implementation of X509Token Authentication > The auth_value is enrypted with the certificate within the keystore and > during verification encrypted auth value is decrypted with the private key > compared against the orignial auth value. > This implementation is prone to replay attacks, that is > any user with out having any knowledge of the auth value can join the group > by replaying the enrypted auth value captured in earlier sessions. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 1 month

1
0
0 / 0

[JBoss JIRA] (JGRP-1721) AUTH and ENCRYPT protocols configured with plain text passwords

by Divya Mehra (JIRA)

[ https://issues.jboss.org/browse/JGRP-1721?page=com.atlassian.jira.plugin.... ] Divya Mehra updated JGRP-1721: ------------------------------ Labels: 620 (was: jdg620_dm jdg62GAblocker) > AUTH and ENCRYPT protocols configured with plain text passwords > --------------------------------------------------------------- > > Key: JGRP-1721 > URL: https://issues.jboss.org/browse/JGRP-1721 > Project: JGroups > Issue Type: Bug > Affects Versions: 3.4 > Reporter: Martin Gencur > Assignee: Bela Ban > Labels: 620 > Fix For: 3.5 > > > The following parameters of AUTH protocol are stored as plain text: > * keystore_password > The following parameters of ENCRYPT protocol are stored as plain text: > * store_password > * key_password > Example: > {code} > <ENCRYPT key_store_name="defaultStore.keystore" store_password="changeit" alias="myKey"/> > {code} > Requirements for storing passwords: https://docspace.corp.redhat.com/docs/DOC-131628 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 1 month

1
0
0 / 0

← Newer
1
...
169
170
171
172
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira November 2013