Some APIs that are available on the Master Server do not check for any permissions. Without permission checks, an unauthenticated user might invoke these services and possibly compromise the Master Server.
Workaround: You can set up the Master Server and CLI Clients to prevent unauthorized access. The following security options are available for the Master Server and the CLI Clients:
Configure the Master Server to use SSL to connect to the CLI Clients.
Install the CLI Client on servers that are accessible only to users who are authorized to access the N1 Grid Service Provisioning System.
On Solaris OS, Red Hat Linux, and IBM AIX servers, install the CLI Client within a user group that contains only authorized provisioning system users as its members.
Set the permissions for the CLI Client private keystore in N1SPS5.0-CLI-home/cli/data/private.store to 640. This permissions setting allows only authorized provisioning system users access to the CLI Client private keys to be able to connect to the Master Server.
On Windows 2000 systems, ensure that the CLI Client private keystore has read permissions granted only to authorized provisioning system users.