replication security hole
Need to fix security hole in Metacat replication feature where host name can be
spoofed, allowing complete access to the server's data.
#1 Updated by Matt Jones over 18 years ago
This bug arises because the client metacat provides the hostname in the
parameter data during replication, and the server metacat "trusts" (unwisely)
that the client is telling the truth. Chad has a potential solution outlined
which basically involves setting this up over an SSL connection, so that each
metacat server is identified by a cryptographic host key. This of course
requires SSL operation, which Jivka has at least partially implemented. See bug
235 for details of the ssl implementation.
#4 Updated by Jivka Bojilova about 18 years ago
Added support for running replication over HTTPS.
Removed the check of IP address using the DNS because it doesn't provide enough
security because of possible IP spoofing.
In order to configure 2 Metacat servers to replicate over HTTPS (no matter of
one-way or two-way replication):
1. Included interface in replControl.html to exchange certificate files by
adding additional input box that should specify the source location of cert
file. This should be done on "Add This Server" action.
2. Preliminary both Metacat servers should export their certificates in a file
on their own file systems and both should download each other's certificate
files using relpControl.html page. Then both should import the downloaded files
on their side as trusted certificates.