Clustering CAS tutorial in CAS User Manual

[Scott Battaglia]

Adam,

While the existing Clustering CAS document is an excellent resource for
those wishing to deploy multiple CAS instances, in certain instances it
doesn't provide an appropriate level of detail on security risks.

I encourage you to add warnings where you believe appropriate, attempting to
generalize them.  For instance when configuring a TicketRegistry it may be
appropriate to warn merely about the risks in deploying multiple CAS
instances across a public network without encrypting (or using a secure
channel to transmit) the data stored in the ticket registry.

You also asked about the Tomcat Session replication.  CAS by default stores
nothing in session except the name of the service and any state information
required by Spring Web Flow.  However, it may be good to make a note that
while CAS does not store any sensitive information in the Tomcat Session,
one should take care in supplementing the CAS state with additional
information of a sensitive nature if deploying Tomcat clustering across an
untrusted network.

Thanks!
-Scott

On 10/9/07, Adam Rybicki <arybicki at unicon.net> wrote:
>
>  All,
>
> I just read the security warning that Andrew added to this excellent
> tutorial.  I was thinking of adding one more warning like that, but in the
> section that describes how to replicate the ticket registry using
> JBossCache.  That's because the instructions are about using multicast to
> synchronize the ticket registries across the network.  This is not likely to
> be a problem for CAS clusters of servers sitting next to each other in the
> same data center.  However, if one of the goals of clustering is to achieve
> high availability, which it often is, then implementers will consider
> locating CAS cluster servers in different physical locations.  In these
> situations, additional care must me taken to assure that secure data does
> not "leak" into the public network.
>
> This potential issue is not unique to using multicast.  Using
> database-based ticket registry could be subject to similar risks.  Those
> risks may be smaller, IMHO, but they exist.  Using encryption when talking
> to a database might be an option.
>
> Based on some other postings in this list, I think that CAS does not use
> the HttpSession to store any secure information.  This would mean that the
> section of the tutorial titled "Tomcat Session Replication" may be fine even
> though it also uses multicast.
>
> So, my question is: should I add that warning to the Clustering CAS
> tutorial?
>
> Thanks,
>
> Adam
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20071009/54915dc8/attachment.html