Re: Why use a Web Server over Tomcat?

Thu, 10 Jan 2008 12:33:11 -0800 


---------------------------------------------------------------------------
HARBOR: http://coolharbor.100free.com/index.htm
The best application server on earth
---------------------------------------------------------------------------
----- Original Message ----- From: "Johnny Kewl" <[EMAIL PROTECTED]> 
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Thursday, January 10, 2008 10:27 PM
Subject: Re: Why use a Web Server over Tomcat?



Hi Barbara,

Sorry still on holiday, not reading email every day...
Read this articlae by one of the tomcat gurus... nice and academic, has calcs on load factors etc... 

http://people.apache.org/~mturk/docs/article/ftwai.html
That "Secure generic configuration"... is how I was thinking but a bank will genearlly be even more paranoid. Like for example a bank IT reads about something like exploiting buffer overflows in IIS, or some other creative hack that gets the hacker into the network and they will probably go for something like this... 

http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci906407,00.html

See dual firewalls...
put them together and you probably have what bankers would consider good protection..
ie even if the hacker hacked a machine in the DMZ and got onto the network... Tomcat the machine with sensitive access to other services... is still behind another firewall.
Smaller organizations would typically just have a router firewall, and a server behind it... if that server is a linux box setup correctly... it also becomes a quasi firewall... possibly with dual network connections, and Tomcat, or Apache running.... and linux guys would probably consider that very secure as well.
Linux is a little grey, because it literally can become anything.... but in concept, something like the above is happening.... 

Google there is tons of info.... and various levels of paranoa ;)




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to