> From: Gregor Schneider [mailto:rc4...@googlemail.com]
> See, I believe in the statement that the more components you're adding
> to an environment, the more possibilities there are for a
> security-hole. However, to believe is not to know...
It's clear that a naïve "more components => less secure" argument doesn't work
in computer security, as I think few people on this list would argue with the
following: "A Tomcat server with a dedicated firewall in front will be more
secure than the same Tomcat with no dedicated firewall in front." Here, more
components - and the assumption of fitness for purpose and correct
configuration - lead to an assumption of higher rather than lower security.
So we're then into a discussion of how well httpd + mod_security + { mod_proxy,
mod_jk} would serve for the purpose - a discussion of the *quality* of the
components, rather than just the *quantity*. And that's why I'd love to see
the hard data because, like you, I don't know :-).
- Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
