tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jack Frosch" <>
Subject RE: apache or tomcat
Date Thu, 21 Feb 2002 01:53:55 GMT
I'd like to offer an additional reason to compartmentalize the two
functions: better security.

Your web server can operate behind a firewall with only Port 80 open
(assuming non-SSL). Tomcat can run on a machine on the LAN.  A firewall
can be placed between the web server and the Tomcat machine with only
Port 8008 open (assuming Warp connector) so Apache and Tomcat can
communicate.  With all other ports closed, it's pretty difficult for
someone who manages to exploit a vulnerability in the web server to
compromise the Tomcat server.

If you put Tomcat out in the DMZ as both a web server and Servlet
runner, then presumably you'll have to provide some open ports on the
LAN to communicate to your database.  If someone could exploit a
vulnerability in Tomcat, the database is now at risk.

Just my two cents ...


-----Original Message-----
From: Gang Wu [] 
Sent: Tuesday, February 05, 2002 9:26 AM
Subject: apache or tomcat


I'm choosing between 2 solutions.
1. Apache as web server with SSL config, tomcat as servlet container 2.
Tomcat as both web server and servlet container with SSL config.

I do need some help to distiguish those 2 solutions. does tomcat as web
= server have any obvious disadvantages?



To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message