[ClusterLabs] corosync 2.4.4 version provide secure the communication by default
Jan Friesse
jfriesse at redhat.com
Mon Mar 27 03:34:00 EDT 2023
On 26/03/2023 12:42, S Sathish S wrote:
> Hi Jan,
>
Hi,
> In Corosync which all scenario it send cpg message and what is impact if we are not secure communication.
It really depends of what services are used, but generally speaking
corosync without cpg is not super useful so I guess cpg is probably used...
>
>
> 1. Any outsider attacker can manipulate the system using unencrypted communication.
yes
> 2. Corosync used for heartbeat communication in that we don't have any sensitive data really need to secure ? if not then any other sensitive data transferred via corosync
communication.
Not sure I understand question - but in general modifying corosync
messages can lead to huge problems. If attacker can really change
messages it's super easy to change membership, make it unstable, ...
it's not really just about changing content of cpg data.
What is the point to turn off encryption?
Regards,
Honza
>
> Thanks and Regards,
> S Sathish S
>
More information about the Users
mailing list