Extending Server Security
JMX messages are not encrypted. Therefore, server authentication does not provide secure message transmission after valid credentials are provided by a listening client. To extend security beyond the login threshold, consider the following options:
![*](bullet.gif)
Place Terracotta servers in a secure location on a private network.
![*](bullet.gif)
Restrict remote queries to an encrypted tunnel, such as one provided by SSH or stunnel.
![*](bullet.gif)
If using public or outside networks, use a VPN for all communication in the cluster.
![*](bullet.gif)
If using Ehcache, add a cache decorator to the cache that implements your own encryption and decryption.