-Original Message-
From: Mark A. Claassen [mailto:mclaas...@ocie.net]
Sent: Thursday, March 1, 2018 11:20 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: RE: Security of AJP
Thanks everyone for your feedback. I am the one who unknowingly opened
this can of worms. :)
It seem
: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, March 1, 2018 11:54 AM
To: users@tomcat.apache.org
Subject: Re: Security of AJP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark(s) and Terence,
On 3/1/18 11:20 AM, Mark A. Claassen wrote:
> Thanks everyone for y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark(s) and Terence,
On 3/1/18 11:20 AM, Mark A. Claassen wrote:
> Thanks everyone for your feedback. I am the one who unknowingly
> opened this can of worms. :)
>
> It seems like there is a bit of momentum for altering the
> documentation, so I
d
assumes no legal liability or responsibility for the posting.
-Original Message-
From: Terence M. Bandoian [mailto:tere...@tmbsw.com]
Sent: Thursday, March 1, 2018 8:34 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Security of AJP
On 2/28/2018 10:16 AM, Ma
On 2/28/2018 10:16 AM, Mark H. Wood wrote:
On Wed, Feb 28, 2018 at 09:25:53AM -0500, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 2/28/18 8:40 AM, Cheltenham, Chris wrote:
Since AJP is not really needed by Tomcat; If I comment out the AJP
startup line
On Wed, Feb 28, 2018 at 09:25:53AM -0500, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Chris,
>
> On 2/28/18 8:40 AM, Cheltenham, Chris wrote:
> > Since AJP is not really needed by Tomcat; If I comment out the AJP
> > startup line in server.xml will that
On 28.02.2018 16:01, Cheltenham, Chris wrote:
In this case are you tunneling into tomcat via 8009 AJP connector?
"tunneling the (unencrypted) AJP connection between Apache httpd and
Tomcat, so that it's no longer transmitted in clear text." - that's how
I'd phrase it.
(and thank you
Chris and Chris
-Original Message-
> From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org]
> Sent: Wednesday, February 28, 2018 8:40 AM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: RE: Security of AJP
>
> Since AJP is not really needed by
Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, February 28, 2018 9:26 AM
To: users@tomcat.apache.org
Subject: Re: Security of AJP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 2/28/18 8:40 AM, Cheltenham, Chris wrote:
> Since AJP is not really needed by Tomcat; If I comm
...@christopherschultz.net]
Sent: Wednesday, February 28, 2018 9:37 AM
To: users@tomcat.apache.org
Subject: Re: [OT] Security of AJP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Olaf,
On 2/28/18 2:46 AM, Olaf Kock wrote:
> On 27.02.2018 23:18, Christopher Schultz wrote:
>> -BEGIN PGP SIGNE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Olaf,
On 2/28/18 2:46 AM, Olaf Kock wrote:
> On 27.02.2018 23:18, Christopher Schultz wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>
>> Olaf,
>>
>> On 2/27/18 4:33 PM, Olaf Kock wrote:
>>> On 27.02.2018 21:54, Mark A. Claassen
servers.
If you don't understand any of these things, you generally don't have
to worry about them.
If you don't need a reverse-proxy, you don't need AJP or the connector
that speaks it.
- -chris
> -Original Message- From: Christopher Schultz
> [mailto:ch...@christopherschultz.net
Stanchev [mailto:gstanc...@serena.com]
Sent: Wednesday, February 28, 2018 9:09 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: RE: Security of AJP
It is used, for example, if you want to front Tomcat by Apache Web Server or
by IIS (among others). In those cases the HTTP processing i
TCPIP to Tomcat's
AJP connector.
Is it more clear now?
-Original Message-
From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org]
Sent: Wednesday, February 28, 2018 6:40 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: RE: Security of AJP
Since AJP is not really
...@christopherschultz.net]
Sent: Tuesday, February 27, 2018 4:26 PM
To: users@tomcat.apache.org
Subject: Re: Security of AJP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 2/27/18 3:54 PM, Mark A. Claassen wrote:
> From what I have read, it seems that the AJP connector is not sec
Hi Christopher,
On 27.02.2018 23:18, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Olaf,
On 2/27/18 4:33 PM, Olaf Kock wrote:
On 27.02.2018 21:54, Mark A. Claassen wrote:
I would /not/ state that it's /not secure/. But I'm following your
later argument: It's an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Olaf,
On 2/27/18 4:33 PM, Olaf Kock wrote:
> On 27.02.2018 21:54, Mark A. Claassen wrote:
>> From what I have read, it seems that the AJP connector is not
>> secure, and is meant to be used in a protective environment.
>> There are lots of things
Mark,
On 27.02.2018 21:54, Mark A. Claassen wrote:
From what I have read, it seems that the AJP connector is not secure, and is meant to be
used in a protective environment. There are lots of things that imply this, like no SSL
settings and such, but I cannot find it directly stated
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 2/27/18 3:54 PM, Mark A. Claassen wrote:
> From what I have read, it seems that the AJP connector is not
> secure, and is meant to be used in a protective environment.
> There are lots of things that imply this, like no SSL settings and
>
>From what I have read, it seems that the AJP connector is not secure, and is
>meant to be used in a protective environment. There are lots of things that
>imply this, like no SSL settings and such, but I cannot find it directly
>stated anywhere. I am pretty confident in my read of this, but
20 matches
Mail list logo
