tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GOMEZ Henri <hgo...@slib.fr>
Subject RE: [PROPOSAL AJP14] AJP13 Evolution
Date Mon, 07 May 2001 21:57:18 GMT
>Will this be the next step to combining mod_webapp with
>mod_jk?

Discussion is open and Pier is my guess, even if he loose
an occasion to eat splendid 'pasta fresca'.

>Maybe this could be the first step to merging the two.
>ajp14 could offer some automatic configuration similar
>to mod_webapp, as you suggested in the proposal.

>I also think that a security mechanism is important.
>There should be some form of login for the connector to
>make sure that communication with the server is allowed.

>I think we should be careful with the security side,
>however.  This could lead into a complex discussion
>over what is appropriate.  My suggestion would be to
>go with something simple, as suggested in the proposal.

The system is aimed to be simple, we don't want SSH/SSL
here but just a basic 'protected' login.

>This level of security would cover most of the installations
>and when someone requires an additional level of security or
>interface to other security mechanisms, that could be added
>later.

We can add native SSH tunneling for example using openssh.

>This proposal hits on the most important issues with mod_jk
>at this point.
>
>+1
>
>As for the security key, would it be possible to generate
>a unique key when mod_jk is first installed?  Maybe we could
>create some basic mechanism, similar to the way ssh generates
>a key when it is installed.  This would avoid the possibility
>of having many TC servers out there that can be logged into
>with the default key or no key.  It could avoid the problem
>that the admin webapp has with the password needing to be changed
>and trust being turned on.

mod_jk could serve many tomcats on different systems. Each Tomcat
could need a different secret key, but worker concept help here.
Cf my previous mail about it....
 
>Just a thought.
>
>Mike.
>--
>Mike Braden
>mikeb@nc.rr.com
>mikeb@mwbinc.com 
>
>-----Original Message-----
>From: GOMEZ Henri [mailto:hgomez@slib.fr]
>Sent: Monday, May 07, 2001 8:40 AM
>To: tomcat-dev@jakarta.apache.org
>Subject: [PROPOSAL AJP14] AJP13 Evolution
>
>
>Hi to all,
>
>You could find attached a proposal of evolution to
>the current Apache JServ Protocol version 1.3, 
>also known as ajp13.  
>
>Let start the comments, questions, remarks cycle.....
>
>PS : I've not cover here the full protocol but only the add-on 
>     from ajp13.
>
>-
>Henri Gomez                 ___[_]____
>EMAIL : hgomez@slib.fr        (. .)                     
>PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
>PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 
>
>

Mime
View raw message