Hi Barbara,
Sorry still on holiday, not reading email every day...
Read this article by one of the Tomcat gurus... nice and academic, has
calcs on load factors etc...
That "Secure generic configuration"... is how I was thinking but a bank will
generally be even more paranoid.
Like for example a bank IT reads about something like exploiting buffer
overflows in IIS, or some other creative hack that gets the hacker into the
network and they will probably go for something like this...
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci906407,00.html
See dual firewalls...
put them together and you probably have what bankers would consider good
protection..
ie even if the hacker hacked a machine in the DMZ and got onto the
network... Tomcat the machine with sensitive access to other services... is
still behind another firewall.
Smaller organizations would typically just have a router firewall, and a
server behind it... if that server is a Linux box set up correctly... it also
becomes a quasi firewall... possibly with dual network connections, and
Tomcat, or Apache running.... and Linux guys would probably consider that
very secure as well.
Linux is a little grey, because it literally can become anything.... but in
concept, something like the above is happening....
Google, there is tons of info.... and various levels of paranoia ;)
---------------------------------------------------------------------------
HARBOR: http://coolharbor.100free.com/index.htm
The best application server on earth
---------------------------------------------------------------------------
----- Original Message -----
From: "Bárbara Vieira" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <users@tomcat.apache.org>;
<[EMAIL PROTECTED]>
Sent: Wednesday, January 09, 2008 6:30 PM
Subject: RE: Why use a Web Server over Tomcat?
Alan and Johnny,
I agree with Alan. I'm using the same scheme to save passwords in the database,
and SSL too.
But Johnny's answer helped me understand some things.
Johnny, when you say:
> So in those organization Tomcat is probably behind the second internal
> firewall for staff to use as well.
What do you mean? If you have a Tomcat inside a DMZ, usually we have one
firewall that separates the internet from the intranet, i.e., the firewall filters
requests that come from the outside. Isn't that right?
Thanks,
Regards,
Bárbara Vieira
-----Original Message-----
From: Alan Chaney [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 9 January 2008 14:10
To: Tomcat Users List
Subject: Re: Why use a Web Server over Tomcat?
> One reason for doing this, is again not whether IIS or APACHE is better
> although APACHE on linux in the hands of a guru is very good, it's because
> Tomcat carries clear text passwords, so if a hacker did get at the machine,
> they would probably see the Active X LDAP master password,
I don't understand this comment at all. 'Passwords' in tomcat can be
managed by a whole host of authentication schemes. I use SSL to protect
access to the password on the net and MD5 encoded passwords in a
database for user authentication and access control. It depends entirely
upon how you configure your system.
Regards
Alan
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]