On Wednesday, November 20, 2002, at 03:58 PM, Randy Shoup wrote:

Dain wrote:
There is no reason you have to separate the web container from the EJB container. The only reason this ever came up in J2EE is the other vendors charge so much for a CPU license you wanted to maximize the CMP utilization of the EJB boxes.
The only good reason I have heard is security. For security I don't believe that you can get the same benefit by using a proxy process in front.

Just out of curiosity, why would it be less secure to use a reverse-proxy? You ought to be able to put the reverse-proxy in the DMZ, and the J2EE container (with web + EJB components) behind the internal firewall. Now there is no application code of any kind in the DMZ (so there is nothing to lose if this machine is compromised), and you only have to open the single HTTP port to the backend machine.

(I realize I am asking you to explain a position you don't believe, but I am curious what you have heard :-)

I am a dumb ass today. That was a typo. It should have read:

"For security I *DO* believe that you can get the same benefit by using a proxy process in front."

I can explain my reasons for believing that if you want, but I think you already agree with me.

-dain


