tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jack Frosch" <jfro...@froschenterprises.com>
Subject RE: apache or tomcat
Date Thu, 21 Feb 2002 01:53:55 GMT
I'd like to offer an additional reason to compartmentalize the two
functions: better security.

Your web server can operate behind a firewall with only Port 80 open
(assuming non-SSL). Tomcat can run on a machine on the LAN.  A firewall
can be placed between the web server and the Tomcat machine with only
Port 8008 open (assuming Warp connector) so Apache and Tomcat can
communicate.  With all other ports closed, it's pretty difficult for
someone who manages to exploit a vulnerability in the web server to
compromise the Tomcat server.

If you put Tomcat out in the DMZ as both a web server and Servlet
runner, then presumably you'll have to provide some open ports on the
LAN to communicate to your database.  If someone could exploit a
vulnerability in Tomcat, the database is now at risk.

Just my two cents ...

Jack

-----Original Message-----
From: Gang Wu [mailto:gang.wu@tietoenator.com] 
Sent: Tuesday, February 05, 2002 9:26 AM
To: tomcat-user@jakarta.apache.org
Subject: apache or tomcat


Hi,

I'm choosing between 2 solutions.
1. Apache as web server with SSL config, tomcat as servlet container 2.
Tomcat as both web server and servlet container with SSL config.

I do need some help to distiguish those 2 solutions. does tomcat as web
= server have any obvious disadvantages?

regards

Gang


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message