-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Graham,
On 9/24/15 2:56 PM, Graham Leggett wrote: > On 23 Sep 2015, at 22:05, André Warnier (tomcat) <a...@ice-sa.com> > wrote: > >> - you convince whoever wrote that requirement, that an internal >> TCP connection within the same host, is no less secure than a >> Unix Domain socket > > +1. While I obviously agree with the sentiment, I do feel bad for the OP who has to fight this battle. It's been a while since I did socket programming in C, but IIRC it's abstract enough that binding to an AF_INET socket and an AF_UNIX socket is roughly equivalent, so it shouldn't be /that/ hard to do this, in theory. The problems I can think of are as follows: 1. All the code we currently have in tcnative uses APR for everything, and I'm not sure if APR supports AF_UNIX sockets, or even if it would have to support them to do this. 2. The plumbing required to configure an AF_UNIX socket is non-trivial, and it's currently all wired-around using AF_INET sockets, so it's got hostname, port, etc. I suppose we could stuff the inode's name into the hostname and ignore the port number or something like that, but it's fairly hacky. 3. mod_jk would need to be modified in exactly the same way. So this is a non-trivial amount of work, here. Srini, is there any chance your employer would pay someone to write this code? Patches are always welcome, and Tomcat is otherwise completely free... - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWBa+iAAoJEBzwKT+lPKRYuJcQALca4OMxIxo7t5dPEjtJeSig dG83oFkGCAR5p04Lq5PCkzMBARHt+3IWcZhEOI9HkqwtS3rxQ39KnveemuD78sRI KwndtGQnCxKbIPnRpboRA0lSZymqL5udcrQCKFMceeis9cj4bOU45hFTIA8Qekm/ qg3OIjtpCX2OKh07M9t+0lk7RO9qNuWt6jzi0qwZkRt3vxSX6i3k4ZoAIndcIFSF Ep9tTbaUng1LjzmWqYxEw492JdX6Bx1VhYIdHHv3IxFFe8DFJyYmJ+Qb1cWMqAW6 GSKaYrIR+rHYYah82CLp3pfTtPFOumodklBpLPLAzUGBnP92PUPdlHYppEBiASWH CvmIMbpvjh8YkG923ipE+XG2BVx2Fg9HL6cWnnj50urkFP9OxD48WHq/0QmzT7bo Am0HXb5a1Ujnlt2SmiWuzkIkX2tG29yEcw16Ibapr5SAYuzQe7qwrsNb+ZHH/XTa BhKPgVDhYl9p9sxPdmrgBk20EljPv5mVTLD7qC29Ng0km/9KCeXmgJ8jP+NHEpV3 uztY3GSfyClNqoQCpKRonAmxDwAJtNVjyTF9sfGxNEK77XnthULY/Ikoh24Us/HJ tQ24QHpzn3YlbOng/e6ETnLsC/sL/kyHTmXnS+V07RjG0ms+CJ9S/oGkJgIdewma UOgkLhdKmzfO/y2cgT7+ =qebF -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
