Bárbara, Am Tue, 8 Jan 2008 13:53:11 -0000 schrieb Bárbara Vieira <[EMAIL PROTECTED]>: > I understand your perspective. But, my question is about security. Why > systems banks use an IIS Server instead of an Apache Server over a > Tomcat Server(or some servlet container) [...]
For what I have seen about online banking systems around here, some of them do use an IIS to do their web hosting (eventually by making use of some internal CMS to actually include/edit content) but the actual banking solution they do use is a J(2)EE application in some app server. In such a scenario, they are required to somehow create an "integrated" environment (with a behaviour seamless to the user), to somehow "linking", say, IIS and the J(2)EE app server / servlet container. > I understand the fact that systems uses a Web Server over another to > serve static content. But if in my application all content is closed, > i.e., every client that wants to accede to that content must be > authenticated and that authentication is controlled by Tomcat. There's more to security than just authentication. In our environment, the tomcat installations are on production servers in our LAN fully accessible to our internal users desktop clients (including some more services for document / file access), and "external" access (from the "outside" internet) is done via an apache2 reverse proxy living in a DMZ segment. This way, I can keep people from directly accessing my productive systems, which is helpful to say the very least. ;) Cheers, Kristian -- Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/ jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771 "One dreaming alone, it will be only a dream; many dreaming together is the beginning of a new reality." (Hundertwasser) --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
