tomcat-users mailing list archives

From John Dale <jcdw...@gmail.com>
Subject Re: Wildcard certificates
Date Wed, 17 Apr 2019 14:42:10 GMT

My understanding is that the folks at SUN really put their backs into
it from the beginning:
https://stackoverflow.com/questions/479701/does-java-have-buffer-overflows

Since HotSpot compilers have matured, Java is virtually as fast as
C/++ (the "Java is slow" argument falls on my deaf ears, even if it is
amazingly repeated still today by members of other programming
religions).

Other proxies/balancers also do threat mitigation (DDoS, flooding,
etc.).  I have written some of my own code to deal with this ... because
of the way I handle data and MVC, I have a central place to park all
of the heuristics.  I bet these heuristics could become robust and
maintainable over time.

I would be happy to share (would need a little time to isolate and
deliver). I have always wondered how difficult it is to have
Apache/Tomcat evaluate new projects.  Part of this certbot solution
requires providing some automated validation for the certbot CSA
agent.  This code can stand alone, but I have it integrated with some
other tools that have also proven helpful.  I wonder if I might
attract a sponsorship from someone within ASF for my project?

I call it DB2DOM.COM - it's a "pseudosingularity" because it is used
to extend and maintain itself.

Any ideas, I'd love to hear them.

Have a good one,

John


On 4/17/19, TurboChargedDad . <linuxhpceng@gmail.com> wrote:
>   I would have the opposite feeling.  I would not want a Java process
> parked out in the internet.  Not saying you're wrong, just my personal
> feeling.  Maybe things have shifted in a different direction over the
> years.  I do agree that something like that would be helpful to other Tomcat
> admins.  Would you consider putting it into GitHub?
>
> Thanks,
> J
>
> On Wed, Apr 17, 2019 at 9:18 AM John Dale <jcdwrrc@gmail.com> wrote:
>
>> I have a really nice process that works great with certbot.  Single
>> command to renew all of my certs and I'm finished.
>>
>> I get some peace of mind having a Java process guarding the front
>> door.  Seems to be more impervious to overflows.  What am I missing?
>>
>> I think what I have might be easily developed into something to help
>> other Tomcat users.
>>
>> On 4/17/19, TurboChargedDad . <linuxhpceng@gmail.com> wrote:
>> >   We terminated SSL above the tomcat layer using NGINX or Apache to avoid
>> > the complexities that come with managing a JKS.  I want to hear all I can
>> > on this subject.
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
