tomcat-users mailing list archives

From "Randall Parker" <rand...@nls.net>
Subject RE: Nonroutable protocol between Apache and Tomcat?
Date Fri, 07 Jul 2000 22:18:58 GMT
The advantage of a nonroutable protocol is precisely that it is not routable.

Suppose you happen to have 2 boxes that sit on a LAN that is fully exposed to the public internet
(no firewall - I won't get into the why of that here). Suppose that you have a nonroutable
protocol that let you talk between those two boxes and that certain services (e.g. Apache and
Tomcat) on those 2 boxes only talked via that non-routable protocol. Then those services couldn't
be hacked by the outside world. There'd be no way for an outside source to get the nonroutable
protocol onto your local LAN.

I am not specifically pining for NetBEUI support. I just want a protocol that is nonroutable.
Which one it is I don't care as long as that protocol works. The reasons have to do with security.

Can one use SSL on the connection between Apache and Tomcat? Even if that were possible my
guess is that'd be much more computationally intensive. And that overhead ought to be avoided
if possible.

On Fri, 7 Jul 2000 10:38:52 -0400, Bedell, Kevin wrote:

>To my knowledge, Apache and Tomcat communicate using the "ajpv12"
>proprietary protocol over TCP/IP - I can't imagine any way to change this.

Just put the contents of the messages into a packet that is from a non-IP protocol.

The problem as I see it is that there doesn't appear to be support for non-IP protocols in
Java. Java is very TCP/IP-centric. 

>
>It may be possible to handle using NetBEUI if you use the Microsoft Nbt
>protocol that encapsulates TCP/IP over NetBEUI. This would have to be
>handled in the network setup on your NT box - the Apache configuration would
>not be impacted - it would still be the default TCPIP settings.
>
>Switch to TCP/IP - no reason to use NetBEUI! It locks you into MS networking
>only!

If NetBEUI was implemented on Linux then that would cease to be a lock-in.




