tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "RAJESH KANNAN" <rajeshk_an...@hotmail.com>
Subject SSL
Date Thu, 01 Jan 1970 00:00:00 GMT
Hi,

I have some doubts about SSL. Eventhough I posted this mail in user forum, I 
couldn't get any reply. Hence I am posting this in developer forum.

I am now using apache web server with SSL already
setup.

that means I can connect to HTTP server using SSL:
https://10.0.0.105:443/
or I can connect to HTTP server w/o SSL
http://10.0.0.105:80

I can make a request to servlet using SSL:
https://10.0.0.105:443/admin/servlet/com.app.Admin
or I can make request to servelt w/o SSL
http://10.0.0.105/admin/servlet/com.app.Admin

Will I get a secure connection between servlet & web
browser if I

- block all port that can access servlet engine(e.g.
TOMCAT) from internet (e.g. 80, 8080) except SSL port
443.
- now web browser to apache web server connection is
secure.
- apache server to TOMCAT is not secure but only
apache can access TOMCAT , then it means
TOMCAT(servlet) is secure too??

If the above way is secure. how can I block access to
servlet through port 80? or block access to a
sepecific web application through port 80? which
means access is only granted through SSL port 443. (in
TOMCAT for example)

Since i need to send private info up from web browser
to servlet and make sure no one spy it. (
user/password for example )

thanks.
RajeshKannan

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message