On Thu, Jan 13, 2011 at 1:11 PM, Jack Bates <jba...@brightok.net> wrote: > On 1/13/2011 11:56 AM, William Herrin wrote: >> So all the folks who use reverse proxies like an http accellerator are >> wrong? > > They have their purpose. However, depending on the security rating of the > accelerator versus the security rating of the backend server will depend on > the negative or positive effect it has on overall security. > > 1) If backend server has low security rating and proxy also serves to > protect backend server flaws, then the proxy has a positive security rating. > > 2) If backend server is similar or better security rating than the proxy, > then the proxy server has a negative security rating, as it has introduced a > second application in the channel which can possibly be exploited. ie, you > have to worry about backend server security as well as the proxy security, > and exploiting either can possibly compromise security for both.
That's what I think. I'm curious what Roland thinks. -Bill -- William D. Herrin ................ her...@dirtside.comĀ b...@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
