[jboss-jira] [JBoss JIRA] (WFCORE-1145) Review of HostController / Application Server Remoting connections

David Lloyd (JIRA) issues at jboss.org
Mon Nov 23 12:08:00 EST 2015


    [ https://issues.jboss.org/browse/WFCORE-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13132850#comment-13132850 ] 

David Lloyd commented on WFCORE-1145:
-------------------------------------

From a security angle, we can create an ephemeral/one-off socket server which is only available during the server-to-host establishment process, using a one-time random token for verification (it could simply be a response type for a "connect back" command in the response protocol described in WFCORE-1147).  Not having Remoting in the picture greatly simplifies the security of this connection as well, and has a side benefit that the child servers don't actually need Remoting for anything at all unless they're using it for user stuff.

> Review of HostController / Application Server Remoting connections
> ------------------------------------------------------------------
>
>                 Key: WFCORE-1145
>                 URL: https://issues.jboss.org/browse/WFCORE-1145
>             Project: WildFly Core
>          Issue Type: Task
>          Components: Domain Management
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>              Labels: affects_elytron
>             Fix For: 3.0.0.Alpha1
>
>
> Where an application server connects back to its host controller in domain mode it used the same Remoting connector exposed possibly for native domain management access.
> The problem with this is that as soon as any security restrictions are placed on the connector exposed by the host controller then the application servers require something to work with this - this is even though we are only ever talking about loopback communication between two processes on the same machine.



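The one-off listener with a one-time token proposed in the comment above, as an added example that is not part of the original message and is not WildFly Core code. The class and method names, the 32-byte token length, the timeouts and the one-byte reply are assumptions; a thread stands in for the child server, which in the proposal would receive the port and token through the "connect back" response.

```java
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.MessageDigest;
import java.security.SecureRandom;

// Added illustration; all names here are hypothetical, not WildFly Core code.
public class OneShotConnectBack {
    static final int TOKEN_LEN = 32; // assumed token size

    // Host side: accept exactly one loopback connection and verify its token.
    static boolean acceptOnce(ServerSocket listener, byte[] expected) throws Exception {
        try (ServerSocket l = listener; Socket s = l.accept()) {
            l.close();            // one-off: the port stops listening after the first accept
            s.setSoTimeout(5000); // do not wait forever for the token bytes
            byte[] got = new byte[TOKEN_LEN];
            new DataInputStream(s.getInputStream()).readFully(got);
            boolean ok = MessageDigest.isEqual(expected, got); // constant-time comparison
            new DataOutputStream(s.getOutputStream()).writeBoolean(ok);
            return ok;
        }
    }

    // Child-server side: connect back and present the token it was handed.
    static boolean connectBack(int port, byte[] token) throws Exception {
        try (Socket s = new Socket(InetAddress.getLoopbackAddress(), port)) {
            s.getOutputStream().write(token);
            s.getOutputStream().flush();
            return new DataInputStream(s.getInputStream()).readBoolean();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] token = new byte[TOKEN_LEN];
        new SecureRandom().nextBytes(token); // fresh random token per establishment
        // Port 0 requests an ephemeral port; bind to loopback only, backlog of 1.
        ServerSocket listener = new ServerSocket(0, 1, InetAddress.getLoopbackAddress());
        listener.setSoTimeout(5000); // listener exists only during establishment
        int port = listener.getLocalPort();
        Thread child = new Thread(() -> {
            try { System.out.println("child accepted: " + connectBack(port, token)); }
            catch (Exception e) { e.printStackTrace(); }
        });
        child.start();
        System.out.println("host verified: " + acceptOnce(listener, token));
        child.join();
    }
}
```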