I haven't been able to locate any solid information regarding the merits of securing node manger through SSL. The EDG just says to do it.
Can someone please provide the reasoning behind this? My VMs are behind a firewall, and for security puposes, I plan to enable host name verification, but I do not see why SSL of node manager is suggested.
Thanks in advance.
Very faint response: It is the default, so you do not have to configure anything.
No seriously; using the node manager is all about (internal) network communication. When you want no one to get the usernames and passwords used
you have to resort to SSL. Note that most security issues are related to internal misuse. This is usually the reason to go for SSL instead of
plain communication, so that no one can mess up your system (even from the inside).
More information about the node manager can be found here: http://download.oracle.com/docs/cd/E21764_01/web.1111/e13740/toc.htm
Thank you for the reply Rene. I had reviewed that link, but it was vague there, as well.
Would you please clarify the usernames and passwords comment? Are you saying this, in addition to host name verification, is to prevent someone internally from initiating an attack (suck as man-in-the-middle) to steal WL Admin usernames and passwords?