> From: Gregor Schneider [mailto:rc4...@googlemail.com] > See, I believe in the statement that the more components you're adding > to an environment, the more possibilities there are for a > security-hole. However, to believe is not to know...
It's clear that a naïve "more components => less secure" argument doesn't work in computer security, as I think few people on this list would argue with the following: "A Tomcat server with a dedicated firewall in front will be more secure than the same Tomcat with no dedicated firewall in front." Here, more components - and the assumption of fitness for purpose and correct configuration - lead to an assumption of higher rather than lower security. So we're then into a discussion of how well httpd + mod_security + { mod_proxy, mod_jk} would serve for the purpose - a discussion of the *quality* of the components, rather than just the *quantity*. And that's why I'd love to see the hard data because, like you, I don't know :-). - Peter --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org