> -----Original Message-----
> From: Mladen Turk [mailto:mt...@apache.org] 
> Sent: Tuesday, February 22, 2011 1:20
> To: users@tomcat.apache.org
> Subject: Re: Secure AJP over ssl
> 
> On 02/21/2011 10:31 PM, Jason Pyeron wrote:
> > Does (or could) tomcat 5.5 support encrypted AJP? The frontend apache
> > will be on a different host than the tomcat server. It is required
> > that the communications are encrypted.
> >
> 
> I would suggest you reconsider your security requirements.

Cordially, no.

> Unless your frontend and backend are on different continents 
> the best way to fight wire tapping (only reason why you would

Yes. You hit the nail on the head, besides being required by law.

> secure the communication at the first place) is much better 
> done with securing your infrastructure.

That is a naive view. [Please forgive the wording.]

Given:

1) The Apache box is secure and login is restricted to the minimum set of
persons with a need to know.
2) The Tomcat box is secure and login is restricted to the minimum set of
persons with a need to know.

There is no reason to allow the set of persons capable (and sometimes
authorized) to inspect the data on a network (network operations) to be able to
inspect the unsecured contents of the data stream. That would be a breach of
security and law.

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


