5.1 Security Considerations for Implementers

The transaction processing protocol that is defined by this specification is intended for use in an environment where all participants are trusted to collaborate in driving transactions toward a final outcome.

Misuse of the Two-Phase Commit Protocol can enable participants to perform simple denial of service attacks on their transaction managers; for example, a participant that accepts a Prepare request but never returns its vote leaves the transaction unresolved while other participants hold resources for it. Because transaction managers generally communicate with multiple participants simultaneously, this condition represents a denial of service to those other participants.

Each participant is expected to uphold the following principles:

  • Every transaction reaches a common outcome for all participants, in accord with a correctly executed Two-Phase Commit Protocol.

  • No transaction remains In Doubt for a longer period of time than the application's higher-layer business logic accepts.
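The two principles above, together with the denial of service described earlier, can be made concrete with a small simulation. The following is an added example written for this page, not code from the specification or from any transaction manager implementation: a toy coordinator runs Phase 1 against two honest participants and one constructed participant that stalls before voting. Without a Prepare budget the coordinator waits for the slowest vote and the honest participants stay In Doubt for the whole stall; with a budget, a missing vote is treated as a NO vote, the transaction is aborted, and the In Doubt window is bounded by the timeout the higher-layer logic accepts. The timeout value, participant names and delays are assumptions chosen for illustration.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout
from enum import Enum


class Vote(Enum):
    PREPARED = "prepared"
    ABORTED = "aborted"


class Outcome(Enum):
    COMMIT = "commit"
    ABORT = "abort"


class Participant:
    """Constructed stand-in for an enlisted resource manager.

    state: "active" -> "prepared" (In Doubt, holding locks) -> "committed"/"aborted"
    response_delay: seconds the participant stalls before answering Prepare;
    a misbehaving participant uses this to keep everyone else In Doubt.
    """

    def __init__(self, name, vote=Vote.PREPARED, response_delay=0.0):
        self.name = name
        self._vote = vote
        self._delay = response_delay
        self._lock = threading.Lock()
        self.state = "active"
        self._prepared_at = None
        self.in_doubt_seconds = None  # measured when the outcome arrives

    def prepare(self):
        time.sleep(self._delay)
        with self._lock:
            if self.state != "active":
                # The coordinator already decided (it timed us out); a late
                # vote is meaningless, so report that we are not prepared.
                return Vote.ABORTED
            if self._vote is Vote.PREPARED:
                self.state = "prepared"
                self._prepared_at = time.monotonic()
            else:
                self.state = "aborted"
            return self._vote

    def decide(self, outcome):
        with self._lock:
            if self.state == "prepared":
                self.in_doubt_seconds = time.monotonic() - self._prepared_at
            self.state = "committed" if outcome is Outcome.COMMIT else "aborted"


def run_two_phase_commit(participants, prepare_timeout=None):
    """Toy coordinator: Phase 1 collects votes, Phase 2 broadcasts the outcome.

    prepare_timeout=None is the naive coordinator that waits as long as the
    slowest participant takes. A finite budget bounds how long the others can
    be kept In Doubt: any vote still missing at the deadline counts as ABORTED.
    """
    pool = ThreadPoolExecutor(max_workers=len(participants))
    futures = [(pool.submit(p.prepare), p) for p in participants]
    deadline = None if prepare_timeout is None else time.monotonic() + prepare_timeout
    outcome = Outcome.COMMIT
    for fut, p in futures:
        remaining = None if deadline is None else max(0.0, deadline - time.monotonic())
        try:
            if fut.result(timeout=remaining) is not Vote.PREPARED:
                outcome = Outcome.ABORT
        except FutureTimeout:
            outcome = Outcome.ABORT  # no vote within the budget is a NO vote
    for p in participants:
        p.decide(outcome)
    pool.shutdown(wait=False)  # do not let a stalled prepare() delay Phase 2
    return outcome


def simulate(prepare_timeout, stall_seconds=0.6):
    """Two honest participants plus one that stalls before voting PREPARED.
    Returns (outcome, longest In Doubt interval among the honest participants)."""
    honest = [Participant("rm-a"), Participant("rm-b")]
    stalled = Participant("rm-slow", response_delay=stall_seconds)
    outcome = run_two_phase_commit(honest + [stalled], prepare_timeout)
    longest = max(p.in_doubt_seconds for p in honest)
    return outcome, longest


if __name__ == "__main__":
    for budget in (None, 0.1):
        outcome, in_doubt = simulate(prepare_timeout=budget)
        print(f"prepare_timeout={budget}: outcome={outcome.value}, "
              f"honest participants In Doubt for {in_doubt:.2f}s")
```

Note the trade-off the timeout encodes: the naive run still reaches a common outcome (COMMIT) for everyone, satisfying the first principle, but only by letting the stalled participant dictate how long the others hold their locks. The budgeted run gives up that transaction to satisfy the second principle; what budget is acceptable is exactly the decision the text leaves to the application's higher-layer business logic.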

An implementation has the option to further restrict its exposure to security vulnerabilities by initializing the following flags specified in the Abstract Data Model (section 3.1.1) to FALSE:

  • Allow TIP

  • Allow Begin

  • Allow PassThrough

  • Allow Non-Default Port

  • Allow Different Partner Address