5.1 Security Considerations for Implementers
The transaction processing protocol defined by this specification is intended for use in an environment where all participants are trusted to collaborate in driving transactions toward a final outcome.
Misuse of the Two-Phase Commit Protocol can enable participants to perform simple denial-of-service attacks on their transaction managers. Because transaction managers generally communicate with multiple participants simultaneously, such an attack also denies service to the other participants.
Each participant upholds the following principles:
Every transaction reaches a common outcome for all participants, in accordance with a correctly executed Two-Phase Commit Protocol.
No transaction remains In Doubt for a longer period of time than the application's higher-layer business logic accepts.
An implementation has the option to further restrict its exposure to security vulnerabilities by initializing the following flags specified in the Abstract Data Model (section 3.1.1) to FALSE:
Allow TIP
Allow Begin
Allow PassThrough
Allow Non-Default Port
Allow Different Partner Address