Coherence
Search…
Coherence
Home
Rand
Hash
Argon2
Poly1305
Stream-ciphers
Block-ciphers
HMAC
CMAC
VMAC
DSA
RSA
DH
ECC
ECDH
Curve-25519
NTRU
Security
Openssl
Json-reference
Links
Understanding-the-code
Powered By GitBook
Security
Coherence is designed to be accessed by trusted clients inside trusted environments, there is not protocol to protect data between server and client, so that It is no a good idea to expose Coherence to an environment where untrusted clients can directly access it. For the most cases an application mediates access between Coherence and untrusted clients (It is completely feasible to create a proxy with a high level language between HTTPS and HTTP, for example a https proxy server for Coherence was created on Node.js with 58 code lines). In resume untrusted access to Coherence should always be mediated by a layer implementing access control.
The main point are:
  1. 1.
    DoS because an attacker can exhaust the CPU: when a user makes requests, for example: a rsa key it consume CPU, if many unauthorized are done. THC TLS DoS
Countermeasures:
  1. 1.
    Never expose Coherence directly to internet.
  2. 2.
    Never expose Coherence directly to internet.
  3. 3.
    If you expose it, create a proxy with acl or something like that at least.
  4. 4.
    Configure your firewall.
Previous
NTRU
Next
Openssl
Last modified 9mo ago
Copy link