Extending Server Security

JMX messages are not encrypted. Therefore, server authentication does not provide secure message transmission after valid credentials are provided by a listening client. To extend security beyond the login threshold, consider the following options:

• Place Terracotta servers in a secure location on a private network.

• Restrict remote queries to an encrypted tunnel, such as one provided by SSH or stunnel.

• If using public or outside networks, use a VPN for all communication in the cluster.

• If using Ehcache, add a cache decorator to the cache that implements your own encryption and decryption.