Even better; I have a tomcat as a web server and J2EE web container, using an ssl connector, with a servlet/jsp application that talks to a James instance in the same machine, that accepts only smtp requests from that same machine if outbound.
If I understood correctly all your postings this is exactly what you are looking for. It works fine and secure. Vincenzo > -----Original Message----- > From: David Schwartz [mailto:[EMAIL PROTECTED] > Sent: giovedi 19 giugno 2003 18.40 > To: James Users List > Subject: RE: SMTP > > > Thanks Noel > > >>If the connector between the web server and tomcat is secure... > > Are you referring to the apache connector for tomcat? > > What if I'm using tomcat as the web server, without Apache? > > -----Original Message----- > From: Noel J. Bergman [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 18, 2003 3:55 PM > To: James Users List > Subject: RE: SMTP > > > > Only problem is that I wasn't planning on putting Tomcat on the server > > > with the ssl certificate - yet. I wanted to have java/james/tomcat on > > > a server & web server with ssl on dif machine. > > If the connector between the web server and tomcat is secure, then you > are fine. Otherwise, an intruder could attempt connecting to tomcat > directly on the second machine. Also, if you have the password conveyed > over the connector, it is possible that it could be sniffed. The issue, > at this point, is just a webapp security topic. > > Please note > (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html): > > "When running Tomcat primarily as a Servlet/JSP container behind another > web server, such as Apache or Microsoft IIS, it is usually necessary to > configure the primary web server to handle the SSL connections from > users. Typically, this server will negotiate all SSL-related > functionality, then pass on any requests destined for the Tomcat > container only after decrypting those requests. Likewise, Tomcat will > return cleartext responses, that will be encrypted before being returned > to the user's browser. In this environment, Tomcat knows that > communications between the primary web server and the client are taking > place over a secure connection (because your application needs to be > able to ask about this), but it does not participate in the encryption > or decryption itself." > > --- Noel > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]