Extending Server Security
JMX messages are not encrypted. Therefore, server authentication does not provide secure message transmission after valid credentials are provided by a listening client. To extend security beyond the login threshold, consider the following options:
Place Terracotta servers in a secure location on a private network.
Restrict remote queries to an encrypted tunnel, such as one provided by SSH or stunnel.
If using public or outside networks, use a VPN for all communication in the cluster.
If using Ehcache, add a cache decorator to the cache that implements your own encryption and decryption.