tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: Status/Authority of AJP/1.5
Date Tue, 25 Oct 2005 16:03:26 GMT
Costin Manolache wrote:
> Security ( i.e. authentication ) might be the only reason to extend
> AJP - but even this can be done on top of the existing protocol, using
> a custom header and connection initiation.

Only partly true.  Let's take the HTTPS state, for example... if tomcat looks
for X-PROTOCOL=HTTPS, for example, passing this from the proxy as a typical
header is simply wrong for security reasons.  It's too trivial to fake, and
it's too expensive to guard against.

The safe way is to have two header-types, one, a client HTTP-type header.  The
other, proxy metadata such as the protocol, SSL keys and other server variables.
These wouldn't be relayed as HTTP-style headers, so therefore all sorts of proxy
to backend data can be trusted.

(FYI - w.r.t. the client/server certs, I don't suggest a full blown mod_ssl
type of decomposition.  If they want to tear apart the certificates, it sure
makes sense to introspect them through jsse, no?)


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message