# Security Coherence is designed to be accessed by trusted clients inside trusted environments, there is not protocol to protect data between server and client, so that It is no a good idea to expose Coherence to an environment where untrusted clients can directly access it. For the most cases an application mediates access between Coherence and untrusted clients (It is completely feasible to create a proxy with a high level language between HTTPS and HTTP, for example a https proxy server for Coherence was created on Node.js with 58 code lines). In resume untrusted access to Coherence should always be mediated by a layer implementing access control. The main point are: 1. DoS because an attacker can exhaust the CPU: when a user makes requests, for example: a rsa key it consume CPU, if many unauthorized are done. [THC TLS DoS](https://github.com/azet/thc-tls-dos) Countermeasures: 1. Never expose Coherence directly to internet. 2. Never expose Coherence directly to internet. 3. If you expose it, create a proxy with acl or something like that at least. 4. Configure your firewall. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://coherence.3vidence.com/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.