tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John MccLain" <jmccl...@tcshealthcare.com>
Subject RE: Tomcat and IIS question
Date Fri, 27 Feb 2004 16:23:29 GMT


-----Original Message-----
From: Ben Souther [mailto:bpsouther@adelphia.net]
Sent: Thursday, February 26, 2004 3:43 PM
To: Tomcat Users List
Subject: Re: Tomcat and IIS question


I imagine that you've got Tomcat and IIS communicating behind a firewall, if
not on the same machine.  If only IIS is exposed to the internet, why would
you need communication between the two to be encrypted?

>We are producing a medical app. As part of the new HIPAA requirements,
we are to take all precautions necessary to ensure that personal health
information is securely
transmitted electronically. If someone should break through all other
security measures,
the data will still be encrypted, and we have reduced our liability.

Also, If you aren't relying on IIS for encryption, why use it at all?  Why
not just use Tomcat as a stand alone and install the certificate there?

> IIS needs to run so that our clients can continue to administer their
other
apps (which could be ASP) in the same manner as they are used too,
without having our app interfere. What we need is roundtrip encryption - yes
it will be slow through IIS-
but if you have any other ideas for this kind of scenario, please tell me as
I am not an sys admin.
I am a humble software engineer


Are you running ASP apps too?



On Thursday 26 February 2004 06:51 pm, you wrote:
> I believe there is a misunderstanding (I think???)...
> I already have tomcat talking to IIS, and IIS talking securely with the
> client. The problem is that IIS decrypts ssl requests to process them. In
> the case of a servlet request, it forwards the decrypted request to Tomcat
> and Tomcat sends the response decrypted back to IIS (I think???). I want
> all requests and responses to be encrypted. How can I have all
> communication secure???
>
> -----Original Message-----
> From: Ben Souther [mailto:bpsouther@adelphia.net]
> Sent: Thursday, February 26, 2004 2:58 PM
> To: Tomcat Users List
> Subject: Re: Tomcat and IIS question
>
>
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/iishowto.html
>
> On Thursday 26 February 2004 05:19 pm, you wrote:
> > Can I be running IIS and Tomcat concurrently and have specific webapps
> > directed to each for processing. I am assuming that Tomcat will be
> > running as a web server as well as servlet container and that IIS is of
> > course running as a web server. The goal is to elminate the port number
> > from the address window for all requests, to use tomcat/ssl for dynamic
> > webapps,
>
> and
>
> > for other static webapss, have them run through IIS. The general
question
> > is--how can I accomplish this goal???
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message