tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: mod_jk - apache to tomcat using SSL
Date Tue, 16 Mar 2010 22:02:43 GMT
Campbell, Lance wrote:
> I have a web server and an application server.  I use mod_jk to
> communicate between apache2.0 and tomcat 6.  I don't believe the
> communication between apache and tomcat is secured by default.  Is there
> a way to have it send the information in a secure way.
> 
I do not presume to know the sensitivity of the data passing between 
your webserver and your application server, not the physical topology of 
your network, nor the real possibility of the data being compromised, 
nor the real capabilities of your servers.

But if you were to make an SSL connection between the front-end and the 
back-end, you would more than double the encryption overhead. 
Supposedly, the clients already connect to Apache via HTTPS, and Apache 
has to decrypt the data on the way in, and encrypt it on the way out 
to/from the client.  That will remain the case anyway. But if Apache has 
to communicate with the Tomcat back-end via SSL, it will need to do the 
same encryption/decryption for all the data a second time, and Tomcat at 
its end also.
That is true no matter which method you would use, tunnel or HTTPS proxy.
It may be a necessity, and it may be affordable, but it should not be a 
decision taken lightly thinking it is free of consequences.
A crossover cable is less exciting, but may be much cheaper.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message