tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <Peter.Crowt...@melandra.com>
Subject RE: Which Do I SSL - httpd or Tomcat?
Date Tue, 02 Jun 2009 13:34:46 GMT
> From: Alston, Brian (US SSA) [mailto:brian.alston@baesystems.com]
>     Thank you for reading and replying. Can I assume from
> your reply that if I am not on a secure LAN that I should SSL
> httpd and both Tomcat servers?

SSL between httpd and Tomcat will protect the channel between httpd and Tomcat from eavesdropping
and some tampering.  How likely is someone to be able to intercept and/or tamper with the
communication between your httpd and your Tomcat servers?  If it's unlikely (for example,
because the httpd <=> Tomcat communication is via a LAN that you reckon is "secure enough"),
you probably have better targets for your security effort.

                - Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message