tomcat-dev mailing list archives

From: "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject: Re: Status/Authority of AJP/1.5
Date: Tue, 25 Oct 2005 16:03:26 GMT

Costin Manolache wrote:
> 
> Security ( i.e. authentication ) might be the only reason to extend
> AJP - but even this can be done on top of the existing protocol, using
> a custom header and connection initiation.

Only partly true.  Let's take the HTTPS state, for example... if Tomcat looks
for X-PROTOCOL=HTTPS, for example, passing this from the proxy as a typical
header is simply wrong for security reasons.  It's too trivial to fake, and
it's too expensive to guard against.

The safe way is to have two header-types, one, a client HTTP-type header.  The
other, proxy metadata such as the protocol, SSL keys and other server variables.
These wouldn't be relayed as HTTP-style headers, so therefore all sorts of proxy
to backend data can be trusted.

(FYI - w.r.t. the client/server certs, I don't suggest a full-blown mod_ssl
type of decomposition.  If they want to tear apart the certificates, it sure
makes sense to introspect them through JSSE, no?)

Bill
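
The two designs contrasted in the message above, as an added example that is not part of the original post and is not Tomcat or mod_jk code. The record types, the `protocol` key and the framing are constructed for illustration and are not AJP's wire format.

```python
import struct

CLIENT_HEADER, PROXY_META = 0x01, 0x02  # constructed record types (assumption)

def _rec(kind, name, value):
    n, v = name.encode(), value.encode()
    return struct.pack("!BH", kind, len(n)) + n + struct.pack("!H", len(v)) + v

def proxy_forward_naive(client_headers, tls):
    """Metadata travels as one more HTTP-style header beside the client's."""
    return list(client_headers) + [("X-PROTOCOL", "HTTPS" if tls else "HTTP")]

def backend_secure_naive(headers):
    # First match wins, so a client-supplied copy shadows the proxy's value.
    for name, value in headers:
        if name.upper() == "X-PROTOCOL":
            return value == "HTTPS"
    return False

def proxy_forward_typed(client_headers, tls):
    """Client input is always tagged CLIENT_HEADER; only the proxy emits PROXY_META."""
    out = b"".join(_rec(CLIENT_HEADER, n, v) for n, v in client_headers)
    return out + _rec(PROXY_META, "protocol", "HTTPS" if tls else "HTTP")

def backend_parse_typed(frame):
    headers, meta, i = [], {}, 0
    while i < len(frame):
        kind, nlen = struct.unpack_from("!BH", frame, i)
        i += 3
        name = frame[i:i + nlen].decode()
        i += nlen
        (vlen,) = struct.unpack_from("!H", frame, i)
        i += 2
        value = frame[i:i + vlen].decode()
        i += vlen
        if i > len(frame):
            raise ValueError("truncated record")
        if kind == PROXY_META:
            meta[name] = value
        elif kind == CLIENT_HEADER:
            headers.append((name, value))
        else:
            raise ValueError(f"unknown record type {kind}")
    return headers, meta

def backend_secure_typed(frame):
    return backend_parse_typed(frame)[1].get("protocol") == "HTTPS"

# Constructed sample: a plain-HTTP request that carries its own X-PROTOCOL header.
FORGED = [("Host", "app.example"), ("X-PROTOCOL", "HTTPS")]
```

With the header-based scheme the backend's answer depends on the proxy stripping every client copy of the header first; with typed records the client's `X-PROTOCOL` stays an ordinary header and never reaches the metadata the backend trusts.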
