Here are the channels of communication. For a typical web page there are 3 socket connections that can be concurrently open.

A: Web Browser --> Apache
B: Apache --> Tomcat
C: Tomcat --> Database

Now onto the security ...
A: If ssl then secure
B: If SSL, then secure. If not SSL, then someone between Tomcat and Apache might be able to sniff the line. If Tomcat and Apache are on the same box and someone can sniff, you have bigger problems.
C: It depends on the database protocol, which is database specific. Each vendor can tell you this. In the usual case a database should be hidden from the world (via firewall), so this communication is usually "secure" in that only trusted people are on that network segment, but they could sniff the line if they wanted to.


-Tim

Lars Nielsen Lind wrote:
I have a server with Apache 2.0.44 and Jakarta-Tomcat 4.1.18. I am using OpenSSL 0.9.7a with Apache.

Question:

If the user activates a jsp page with a javabean component with access to a PostgreSQL database server (communicates with port 5432) from the secure area (https) - is it then possible to 'sniff' the communication between the component and the database server or is this communication encrypted by apache with ssl?

If it is possible to 'sniff' the communication - how do I best prevent this?

Best regards,

Lars Nielsen Lind
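
For channel C with PostgreSQL on port 5432, the server states whether it will encrypt: a client opens with an 8-byte SSLRequest and the server answers with one byte, `S` or `N`. The probe below is an added example, not part of the original thread; `fake_server` is a constructed loopback stand-in so the code runs offline, and the function names are this example's own.

```python
import socket
import struct
import threading

# SSLRequest startup message: Int32 length (8), then Int32 code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)

def classify_reply(reply: bytes) -> str:
    """Interpret the single byte a PostgreSQL server sends after SSLRequest."""
    if reply == b"S":
        return "ssl-offered"       # server will start a TLS handshake
    if reply == b"N":
        return "plaintext-only"    # server only speaks unencrypted
    if reply == b"":
        return "no-reply"          # peer closed without answering
    return "unexpected"            # not a listener that understands SSLRequest

def probe(host: str, port: int = 5432, timeout: float = 3.0) -> str:
    """Send only the SSLRequest to host:port and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(SSL_REQUEST)
        return classify_reply(sock.recv(1))

def fake_server(answer: bytes) -> int:
    """Constructed loopback stand-in for a database listener; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve() -> None:
        conn, _ = srv.accept()
        with conn, srv:
            request = b""
            while len(request) < len(SSL_REQUEST):
                chunk = conn.recv(len(SSL_REQUEST) - len(request))
                if not chunk:
                    break
                request += chunk
            if request == SSL_REQUEST:
                conn.sendall(answer)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for answer in (b"S", b"N"):   # constructed server answers
        print(answer, "->", probe("127.0.0.1", fake_server(answer)))
```

An `S` answer only shows that the server offers SSL; the connection made by the application is encrypted only if its database driver also requests it.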

