When using tomcat clusters on an untrusted subnet or using a routable
multicast address, i see the potential for a rogue tomcat instance to
join a cluster in order to hijack session information. This doesn't
seem to be cured by any firewalling of incoming connections to the
valid servers, as,
When using tomcat clusters on an untrusted subnet or using a routable
multicast address, i see the potential for a rogue tomcat instance to
join a cluster in order to hijack session information. This doesn't
seem to be cured
by any firewalling of incoming connections to the valid servers, as,
When using tomcat clusters on an untrusted subnet or using a routable
multicast address, i see the potential for a rogue tomcat instance to
join a cluster in order to hijack session information.
Is there any way to restrict autodiscovery of cluster membership to a
known list of IPs or disable