>> Way back to technic ;-)
>
>Great to see that.
>
Maybe the last time :-(
>I think Dan is the authority in this, but I'll add my 2c anyway.
>
>- it's not a bad idea - as long as it's an option
That could be a secured ajp13 or ajp14 ?-)
>- maybe there are ways to do it without too much code change - you can use
>tunnels ( and you can get that done even in hardware ). Cryptography is
>slow and hard to implement the right way, so I would rather prefer to
>use existing solutions.
I used such solutions with ssh tunnels (like CVS at apache.org) but I
would really like to have a built-in solution. I also know a little SSL since
I produced some time ago the SSL proxy jonama
(http://www.multimania.com/jonama/),
but SSL is just too slow at connect time and SSH is also a little too hard.
I was thinking of a simpler algorithm, i.e. DES with known keys.
But there is a great SSH job in Java done by mindterm
(http://www.mindbright.se/mindterm/)
and also fine crypto (www.cryptix.org)
>- Having a group of URLs sent over a different protocol is certainly a
>good thing ( for example you could have the encrypted tunnel on a
>different port ) - and should be coordinated with the load
>balancing stuff ( where it can also be useful)
Yep...
>- BTW, SSH or SSL tunnels are very easy to set and available to most
>people.
Yes, but it is an out of the box solution. I would really like having an integrated
solution.
>- Probably the best contribution to resolve this problem will not be code
>added to mod_jk, but a documentation describing how to do that with
>available tools, and maybe some way to automate it.
Easy on Red Hat boxes, with some OpenSSL and OpenSSH RPMs.
Maybe later I could send some doc about it?