Hello there,

Sounds good!

For the authentication of our Tomcat applications we rely on an SSO solution (Keycloak) using standards like SAML and OpenID Connect. Maybe a session about this can fit in the event. I would be interested in what other folks are doing in this field.

Thanks,

Luis

On Thu, 1 Oct 2020 at 17:19, Christopher Schultz (<ch...@christopherschultz.net>) wrote:

> Raghu,
>
> On 9/30/20 10:35, Mysore, Raghunath wrote:
> > This plan about Tomcat security is very nice. We look forward to the
> > meetings.
> >
> > Could we have a session related to "Best practices for using Tomcat
> > + (Apache Web Server) Forward Proxy (FP) combo in a real production
> > environment" where an application hosted in Tomcat (web) container,
> > targets a destination system in the internet, through the FP?
>
> There are some presentations already on our "presentations" page that
> might address some of your questions. Is there something specific that
> is missing?
>
> http://tomcat.apache.org/presentations.html
>
> > The application communicates with the destination system on a TLS
> > channel. The FP is placed in a perimeter zone. The role of FP is to
> > route the intranet traffic to the destination system in internet.
>
> This sounds like a fairly specific use-case. Are you looking for help in
> building such a system, or some suggestions for making sure that it's
> secure, high-performance, etc.?
>
> > Is there any generalized document that makes assessment (and
> > recommendations) of a Tomcat plus a Forward Proxy combo, in a real
> > world set up?
>
> No, but it would probably be an interesting subject for a presentation.
> Maybe you could work with others in the community to develop such a
> presentation and in fact present it at an upcoming conference!
>
> -chris
>
> > -----Original Message-----
> > From: Maarten van Hulsentop <maar...@vanhulsentop.nl>
> > Sent: Wednesday, September 30, 2020 3:10 AM
> > To: Tomcat Users List <users@tomcat.apache.org>
> > Subject: Re: Virtual event focussed on Tomcat Security
> >
> > Hi Mark,
> >
> > This sounds like a great idea to me. Security is a very important topic,
> > and the maturity of the Tomcat makes it a very secure choice for users. I
> > am sure a lot of people will be interested to join in.
> >
> > What is not completely clear to me on this event; would this event be
> > focussed on improving the security of Tomcat from within (as a Hackathon
> > suggests)? Like trying to find security flaws/improvements and get them
> > fixed.
> > Or is this meant to be an educational event where information is shared
> > about secure setups/hardening of the Tomcat in production systems? Or a
> > little of both?
> >
> > For the educational/hardening aspect, it could be nice to team up
> > with/involve OWASP?
> >
> > I am surely interested to pitch in on this topic!
> >
> > Kind regards,
> >
> > Maarten van Hulsentop
> >
> > On Tue, 29 Sep 2020 at 13:26, Mark Thomas <ma...@apache.org> wrote:
> >
> >> Hi all,
> >>
> >> We (the Tomcat community) have some funding from Google to help us
> >> improve Tomcat security. Our original plan was to use the funding to
> >> support an in-person security focussed hackathon. As you would expect,
> >> those plans are on hold for now. We would, therefore, like to explore
> >> the possibility of doing something virtually.
> >>
> >> The purpose of this email is to gather input from the community about
> >> what such an event should look like. With that input we can put
> >> together a plan for the event. So, over to you. What would your ideal
> >> virtual event focussed on Tomcat Security look like?
> >>
> >> Thanks,
> >>
> >> Mark
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org

--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better." - Samuel Beckett