Ahh, ok, there's my confusion. We did not have app server 'software'. When I say
"app server" I'm referring to the actual server machine serving as the application
server. My RMI server is basically just handling db requests through the RMI
transport. It's not a transaction site, yet, so this method will do for now.
So, without actual application server software, can JRun on the app server machine be
available to take requests from a web server?
Thank you again Scott. It's much appreciated.
----- Original Message -----
From: Scott Neufeld <[EMAIL PROTECTED]>
To: Jeffrey D. Curry <[EMAIL PROTECTED]>
Sent: Thursday, March 25, 1999 9:02 AM
Subject: Re: *Architecture/security question using RMI and Servlets*
> JRun comes with its own listener, but you do not want to use that. Application
> Servers, such as NAS and others, each have an http listener (or https listener) as
> part of its architecture. If it doesn't, then you simply install one.
>
> "Jeffrey D. Curry" wrote:
>
> > > on your web server, then you've got a listener attached to JRun on your app
> > What kind of listener - this I don't understand? JRun comes with a built in web
> > server (which isn't recommended), so what do you use to make JRun "listen" on the app
> > server? How would you use Http (or Https) to access JRun on the app server if it's
> > not attached TO a web server?
> >
> > I appreciate your insight. Thank you.
> >
> > ----- Original Message -----
> > From: Scott Neufeld <[EMAIL PROTECTED]>
> > To: Jeffrey D. Curry <[EMAIL PROTECTED]>
> > Sent: Thursday, March 25, 1999 8:31 AM
> > Subject: Re: *Architecture/security question using RMI and Servlets*
> >
> > > You still need a port opened for RMI, correct? The setup shouldn't be any less
> > > secure. I don't know of any places where this is documented, and I don't know if JRun
> > > can run unattached -- but why would it be unattached? You've got a listener
> > > delivering web pages on your web server, then you've got a listener attached to JRun
> > > on your app server processing servlet requests. Each is behind a firewall. Each is being
> > > hit by clients that are given access to each of the servers, and each is doing it
> > > via http (or https) protocol.
> > >
> > >
> > > "Jeffrey D. Curry" wrote:
> > >
> > > > We're behind one firewall/proxy to the web servers in the DMZ and the app
> > > > server is behind another. Isn't leaving that port open to the app server though less
> > > > secure?
> > > > I'm using JRun. Can you run JRun on an app server without being attached to a
> > > > web server?
> > > > Can you cite examples of this kind of usage documented anywhere?
> > > > ----- Original Message -----
> > > > From: Scott Neufeld <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Thursday, March 25, 1999 7:25 AM
> > > > Subject: Re: *Architecture/security question using RMI and Servlets*
> > > >
> > > > > If your servlet runner is behind a firewall, and the servlets are directly
> > > > > accessing a database that is also behind the firewall, you've got an extremely
> > > > > secure setup. The only point of insecurity would be if you are delivering
> > > > > content from the servlets to the clients in an insecure (i.e. http, or
> > > > > non-firewalled) access. How are users hitting the servlets?
> > > > > The extra step of having RMI involved may or may not hurt your security;
> > > > > however, it definitely makes things less efficient than the servlets going
> > > > > direct to the database. We do this kind of connection all the time, but we do it
> > > > > within a corporate intranet, so we're already behind a firewall.
> > > > >
> > > > >
> > > > > "Jeffrey D. Curry" wrote:
> > > > >
> > > > > > Currently, I have JRun running with NES 3.6 on the web server. Some of the
> > > > > > servlets act as RMI Clients and access an RMI Server on the application
> > > > > > server through a firewall. This works fine.
> > > > > >
> > > > > > Although, someone is trying to point out that doing it the following way
> > > > > > would be a lot easier and just as secure. (I.E. Re-do my architecture)
> > > > > > I'm trying to poke holes in this and I'm HOPING someone else can support me:
> > > > > >
> > > > > > Instead of having JRun run with NES on the web server, they want to have
> > > > > > JRun run, in standalone mode, on the application server. The Servlets, on
> > > > > > the app server, would then make calls directly to the database. The web
> > > > > > pages, on the web server, would point to the JRun instance + servlet name on
> > > > > > the app server (versus to a servlet on the web server). There's still a
> > > > > > firewall between the web & application servers.
> > > > > >
> > > > > > 1.) Is this second way secure? If so, or if not, please let me know which
> > > > > > one is more secure and for what reasons.
> > > > > > 2.) Is this way beneficial AT ALL over the first method?
> > > > > > 3.) Is this way documented or is anyone using this method?
> > > > > >
> > > > > > If you could PLEASE get back to me ASAP (like by 3/25) I'd appreciate it
> > > > > > GREATLY!
> > > > > >
> > > > > > Thank you
> > > > > >
> > > > > > ___________________________________________________________________________
> > > > > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> > > > > > of the message "signoff SERVLET-INTEREST".
> > > > > >
> > > > > > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > > > > > Resources: http://java.sun.com/products/servlet/external-resources.html
> > > > > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> > > > >
> > > > >
> > >
>