Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-7368

Allow a RS to reject changes from a DS known to be a Read-Only server.

    Details

    • Type: Epic
    • Status: In Progress
    • Priority: Blocker
    • Resolution: Unresolved
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.1.0
    • Component/s: replication, security
    • Labels:
      None
    • Epic Name:
      Read-Only Replicas
    • T-shirt size:
      Medium
    • Target Version/s:
    • Epic Status:
      In Progress
    • Percent complete:
      50

      Description

      This is a requirement from a customer who is a bank.
      They are planning to deploy several DS only instances in low security environment, making these instances read-only.
      They want to make sure that even if the DS instance is compromised by a hacker, changes are not accepted by any remote RS.

      This could be done with allow / denied lists configured on all RSs. Consistency of such lists across all RS will be important for security reasons.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                ludo Ludovic Poitou
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: