On Mar 2, 2008, at 7:20 PM, James Ellis wrote:
Inline:
> Date: Sun, 2 Mar 2008 17:59:00 -0600
> From: [EMAIL PROTECTED]
> To: [email protected]
> Subject: Re: [EMAIL PROTECTED] Unencrypted Channel From Web Server To App Server
>
> James Ellis wrote:
> > Is it correct to say that in a typical Browser-Apache Web Server-Tomcat
> > App Server setup, the SSL connection generally terminates at the Apache
> > web server and the traffic between Apache and Tomcat (to the AJP
> > connector) is unencrypted? If I am correct that this is the "usual"
> > setup, then isn't this a pretty big security flaw since the DMZ is
> > supposed to be only "partly" safe?
> >
> > If someone were to crack into the DMZ and could sniff network traffic,
> > then they could in theory listen in to traffic and grab all of it in an
> > unencrypted state (which may include credit card information, usernames,
> > passwords etc).
>
> Yes. This design relies on the integrity of the network beyond the DMZ.
I am assuming the following design:
browser
FIREWALL (BEGIN DMZ)
web server
FIREWALL (END DMZ)
app server/database server
You say it relies on the integrity of the network "beyond" the DMZ,
but my point is that doesn't this design also rely on the integrity
WITHIN the DMZ? Since SSL is ending at the web server
here...traffic from the web server to the app server would be
unencrypted...
>
> A good solution is to use proxy_http over ssl and the https connector for
> the last mile, if this is a concern in the environment you have deployed.
And this right here:
> A good solution is to use proxy_http over ssl and the https connector for
> the last mile
States exactly that, running the webserver to app server via an ssl
proxy rather than just regular http proxy.
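As an added example (not from the thread or from either poster), this is what the suggested fix looks like in httpd terms: the plaintext AJP ProxyPass of the "usual" setup is shown commented out for contrast, followed by a mod_proxy_http-over-SSL configuration that terminates the browser's TLS at Apache and re-encrypts the last mile to Tomcat's HTTPS connector. Hostnames, ports, file paths and the keystore password are placeholders.

```apacheconf
# Added example, not from the thread. Hostnames, paths and passwords are placeholders.

# --- The "usual" setup the thread describes: TLS ends at Apache in the DMZ and the
# --- hop to Tomcat's AJP connector crosses the inner network in the clear.
# ProxyPass        /  ajp://app.internal:8009/
# ProxyPassReverse /  ajp://app.internal:8009/

# --- The reply's suggestion: proxy_http over SSL to the Tomcat HTTPS connector.
LoadModule proxy_module       modules/mod_proxy.so
LoadModule proxy_http_module  modules/mod_proxy_http.so
LoadModule ssl_module         modules/mod_ssl.so

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/www.example.com.key

    ProxyRequests Off          # reverse proxy only; never an open forward proxy
    ProxyPreserveHost On       # Tomcat sees the browser's original Host header

    # Encrypt the last mile AND authenticate the app server. Enabling
    # SSLProxyEngine alone stops a passive sniffer, but without certificate
    # verification a host on the inner network could still impersonate Tomcat.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyVerifyDepth 1
    SSLProxyCACertificateFile /etc/httpd/ssl/internal-ca.crt   # CA that signed Tomcat's cert
    SSLProxyCheckPeerCN on     # on httpd 2.4.5+ prefer SSLProxyCheckPeerName on

    ProxyPass        / https://app.internal:8443/
    ProxyPassReverse / https://app.internal:8443/
</VirtualHost>

# Tomcat side (conf/server.xml, Tomcat 6 connector syntax, shown here as a comment):
#   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
#              scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
#              keystoreFile="conf/app.internal.jks" keystorePass="changeit"/>
# Remove the plaintext AJP connector on 8009 so the clear-text path is closed.
```

Because Tomcat now terminates its own TLS, `scheme="https"` and `secure="true"` on the connector are what keep `request.isSecure()` and generated redirects correct, which the AJP connector used to carry over from Apache automatically.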