Re: Secure AJP over ssl

2011-02-24 Thread Tim Funk
Or it could be in the world of outsourcing you have a giant pool of 1st, 2nd, and 3rd level support who are offshore who need "access" to perform basic troubleshooting before escalation. And 90% of them have no idea they have access but getting them access when they would need it becomes a g

Re: Secure AJP over ssl

2011-02-23 Thread André Warnier
Christopher Schultz wrote: André, On 2/23/2011 2:56 PM, André Warnier wrote: Personally, in such a case I would see the solution with an SSH or VPN tunnel as much simpler to put in place, and requiring much less "opening of ports". There's nothin

Re: Secure AJP over ssl

2011-02-23 Thread Christopher Schultz
André, On 2/23/2011 2:56 PM, André Warnier wrote: > Personally, in such a case I would see the solution with an SSH or VPN > tunnel as much simpler to put in place, and requiring much less "opening > of ports". There's nothing that says that port 800

Re: Secure AJP over ssl

2011-02-23 Thread André Warnier
Mladen Turk wrote: On 02/23/2011 07:28 PM, Jason Pyeron wrote: encrypting the data transfer between those boxes cause you can just as well make sure the proper persons have the network access. That list includes 78 people. You mean 78 people monitor your network for trouble ... I don'

Re: Secure AJP over ssl

2011-02-23 Thread André Warnier
... It is not that I am wedded to any particular implementation, it is just each change requires board approval. A change for reconfiguring the enabled modules in apache. [we can skip this if we stay with mod_proxy_ajp, as it was already approved] A change for opening up a port on the apache bo

Re: Secure AJP over ssl

2011-02-23 Thread Mladen Turk
On 02/23/2011 07:28 PM, Jason Pyeron wrote: encrypting the data transfer between those boxes cause you can just as well make sure the proper persons have the network access. That list includes 78 people. You mean 78 people monitor your network for trouble or you have your production serv

RE: Secure AJP over ssl

2011-02-23 Thread Jason Pyeron
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, February 23, 2011 10:38 > To: Tomcat Users List > Subject: Re: Secure AJP over ssl > > Mark, >

RE: Secure AJP over ssl

2011-02-23 Thread Jason Pyeron
> -Original Message- > From: Mladen Turk [mailto:mt...@apache.org] > Sent: Wednesday, February 23, 2011 3:01 > To: users@tomcat.apache.org > Subject: Re: Secure AJP over ssl > > On 02/22/2011 11:23 PM, Jason Pyeron wrote: > >> -Original Message

Re: Secure AJP over ssl

2011-02-23 Thread Christopher Schultz
Mark, On 2/23/2011 10:36 AM, Mark Thomas wrote: > On 23/02/2011 15:32, Christopher Schultz wrote: >> Mladen, >> >> On 2/23/2011 3:00 AM, Mladen Turk wrote: >>> What do you think happens when encrypted data from client comes in and >>> is encrypted aga

Re: Secure AJP over ssl

2011-02-23 Thread Mark Thomas
On 23/02/2011 15:32, Christopher Schultz wrote: > Mladen, > > On 2/23/2011 3:00 AM, Mladen Turk wrote: >> What do you think happens when encrypted data from client comes in and >> is encrypted again and sent to the client? >> It's unencrypted in the memory and anyone with access to the box >> can

Re: Secure AJP over ssl

2011-02-23 Thread Christopher Schultz
Mladen, On 2/23/2011 3:00 AM, Mladen Turk wrote: > What do you think happens when encrypted data from client comes in and > is encrypted again and sent to the client? > It's unencrypted in the memory and anyone with access to the box > can just inspec

Re: Secure AJP over ssl

2011-02-23 Thread Mladen Turk
On 02/22/2011 11:23 PM, Jason Pyeron wrote: -Original Message- That is a naive view. [Please forgive the wording.] None taken. Given: 1) The Apache box is secure and login is restricted to the minimum set of persons with a need to know. 2) The Tomcat box is secure and login is re

RE: Secure AJP over ssl

2011-02-22 Thread Jason Pyeron
> -Original Message- > From: Mladen Turk [mailto:mt...@apache.org] > Sent: Tuesday, February 22, 2011 1:20 > To: users@tomcat.apache.org > Subject: Re: Secure AJP over ssl > > On 02/21/2011 10:31 PM, Jason Pyeron wrote: > > Does (or could) tomcat 5.5

Re: Secure AJP over ssl

2011-02-21 Thread Mladen Turk
On 02/21/2011 10:31 PM, Jason Pyeron wrote: Does (or could) tomcat 5.5 support encrypted AJP? The frontend apache will be on a different host than the tomcat server. It is required that the communications are encrypted. I would suggest you reconsider your security requirements. Unless your fro

Re: Secure AJP over ssl

2011-02-21 Thread Mark Thomas
On 21/02/2011 22:28, Jason Pyeron wrote: > Where are the docs for certificate chaining with mod_proxy? I have not found > any. Unhelpfully, the comments in the relevant class aren't in Javadoc format. Grr. That will be fixed shortly. In the meantime, add the following to your SSL virtual host in

RE: Secure AJP over ssl

2011-02-21 Thread Jason Pyeron
> -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Monday, February 21, 2011 17:26 > To: Tomcat Users List > Subject: Re: Secure AJP over ssl > > On 21/02/2011 22:19, Jason Pyeron wrote: > >> -Original Message- > >>

Re: Secure AJP over ssl

2011-02-21 Thread Mark Thomas
On 21/02/2011 22:19, Jason Pyeron wrote: >> -Original Message- >> From: Mark Thomas >> Sent: Monday, February 21, 2011 17:15 >> To: Tomcat Users List >> Subject: Re: Secure AJP over ssl >> >> On 21/02/2011 21:31, Jason Pyeron wrote: >>>

RE: Secure AJP over ssl

2011-02-21 Thread Jason Pyeron
> -Original Message- > From: Mark Thomas > Sent: Monday, February 21, 2011 17:15 > To: Tomcat Users List > Subject: Re: Secure AJP over ssl > > On 21/02/2011 21:31, Jason Pyeron wrote: > > Does (or could) tomcat 5.5 support encrypted AJP? > > No. > >

Re: Secure AJP over ssl

2011-02-21 Thread Mark Thomas
On 21/02/2011 21:31, Jason Pyeron wrote: > Does (or could) tomcat 5.5 support encrypted AJP? No. > Would I be best off using stunnel? Also, no. Use mod_proxy_http and proxy over https. Mark

Secure AJP over ssl

2011-02-21 Thread Jason Pyeron
Does (or could) tomcat 5.5 support encrypted AJP? The frontend apache will be on a different host than the tomcat server. It is required that the communications are encrypted. Would I be best off using stunnel? My googling has led me astray to http://download.oracle.com/docs/cd/E13789_01/bh.100/