Re: [OT] Security of AJP

2018-02-28 Thread Olaf Kock
On 28.02.2018 16:01, Cheltenham, Chris wrote: In this case are you tunneling into tomcat via 8009 AJP connector? "tunneling the (unencrypted) AJP connection between Apache httpd and Tomcat, so that it's no longer transmitted in clear text." - that's how I'd phrase it. (and thank you Chris

RE: [OT] Security of AJP

2018-02-28 Thread Cheltenham, Chris
...@christopherschultz.net] Sent: Wednesday, February 28, 2018 9:37 AM To: users@tomcat.apache.org Subject: Re: [OT] Security of AJP Olaf, On 2/28/18 2:46 AM, Olaf Kock wrote: > On 27.02.2018 23:18, Christopher Schultz wrote: >> -BEGIN PGP SIGNE

Re: [OT] Security of AJP

2018-02-28 Thread Christopher Schultz
Olaf, On 2/28/18 2:46 AM, Olaf Kock wrote: > On 27.02.2018 23:18, Christopher Schultz wrote: >> Olaf, >> >> On 2/27/18 4:33 PM, Olaf Kock wrote: >>> On 27.02.2018 21:54, Mark A. Claassen wrote:

Re: [OT] Security of AJP

2018-02-27 Thread Olaf Kock
Hi Christopher, On 27.02.2018 23:18, Christopher Schultz wrote: Olaf, On 2/27/18 4:33 PM, Olaf Kock wrote: On 27.02.2018 21:54, Mark A. Claassen wrote: I would /not/ state that it's /not secure/. But I'm following your later argument: It's an "

Re: [OT] Security of AJP

2018-02-27 Thread Christopher Schultz
Olaf, On 2/27/18 4:33 PM, Olaf Kock wrote: > On 27.02.2018 21:54, Mark A. Claassen wrote: >> From what I have read, it seems that the AJP connector is not >> secure, and is meant to be used in a protective environment. >> There are lots of things th