Security

Coherence is designed to be accessed by trusted clients inside a trusted environment. There is no protocol protecting data in transit between server and client, so it is not a good idea to expose Coherence to an environment where untrusted clients can reach it directly. In most cases an application mediates between Coherence and untrusted clients (it is entirely feasible to write a proxy bridging HTTPS to HTTP in a high-level language; for example, an HTTPS proxy server for Coherence was written in Node.js in 58 lines of code). In short, untrusted access to Coherence should always be mediated by a layer that implements access control.

The main points are:

  1. Denial of service by CPU exhaustion: serving a request costs the server CPU (an RSA key operation during a handshake, for example), so a large number of unauthorized requests can exhaust it. See THC TLS DoS.

Countermeasures:

  1. Never expose Coherence directly to the internet.

  2. Never expose Coherence directly to the internet.

  3. If you must expose it, at least put a proxy with an ACL (or an equivalent access control) in front of it.

  4. Configure your firewall.
