Since Eureka uses http/https protocols to interact with its registrants (clients), you could easily trick the eureka server by pretending to be one of its clients posting false/erroneous data to it telling that a service is down which eventually result in removal of those services from registry. This is a very likely scenario in a large system with many users. What are the alternative security/authentication schemes to prevent such attack?
If your service discovery is accessible from the outside, you need to add some security to it, and HTTPS will only protect from man-in-the-middle attacks, so it is not enought.
If you use Eureka with the spring cloud starter (@EnableEurekaServer), you could use spring security to protect your server.
For a simple exemple you could add :
security:
user:
name: admin
password: password
And declare eureka like this on the spring-boot client side :
eureka:
client:
serviceUrl:
defaultZone: http://admin:password@localhost:8002/eureka
You can also use oauth, and all the others security protocol that spring offers.