tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <Peter.Crowt...@melandra.com>
Subject [OT] RE: redirection
Date Wed, 01 Apr 2009 15:44:45 GMT
> From: Gregor Schneider [mailto:rc46fi@googlemail.com]
> See, I believe in the statement that the more components you're adding
> to an environment, the more possibilities there are for a
> security-hole. However, to believe is not to know...

It's clear that a naïve "more components => less secure" argument doesn't work in computer
security, as I think few people on this list would argue with the following: "A Tomcat server
with a dedicated firewall in front will be more secure than the same Tomcat with no dedicated
firewall in front."  Here, more components - and the assumption of fitness for purpose and
correct configuration - lead to an assumption of higher rather than lower security.

So we're then into a discussion of how well httpd + mod_security + { mod_proxy, mod_jk} would
serve for the purpose - a discussion of the *quality* of the components, rather than just
the *quantity*.  And that's why I'd love to see the hard data because, like you, I don't know
:-).

                - Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message