Forum Discussion
Triggerman_1128
Nimbostratus
NimbostratusOneConnect
Hi all. I'm just wondering under what situation/circumstance that an application will break when enabling OneConnect. There's a KB in Microsoft that touched on this (http://support.microsoft.com/kb/88...
Hamish
Cirrocumulus
CirrocumulusThat depends on how you implement the OneConnect settings.
The biggest problem is where you share the backend connections amongst multiple clients. The backends only see the IP address (Assuming NAT) of the first client. And thereafter the other client requests will be presented on the same connection and thus the same IP address. Clients will also 'hop' around on random IP's in this case (Not so bad if you use SNAT).
The biggest problem is where apps expect that all requests on a single connection are from the same client and so only do the auth etc on the first request... The second and subsequent requests then share the sessino of the first and you have a wonderful problem where people see each others information etc...
OneConnect is very useful where it's got a well written and robust app behind it that's expecting multiple clients multiplexed over a small number of connections... Otherwise it's exposing a bit of a security hole.
H