Srini,

On 9/23/15 11:55 AM, Srinivasan Raman wrote:
> Hi Chris, Thanks for the speedy response.
>> Do you have any evidence that there is a performance advantage,
>> here? localhost TCP is quite fast.
> 
> Sorry, I should have provided more details while posting the
> query.
> 
> Due to a security policy that mandates that a certain type of 
> sensitive data flowing over a communication channel must be 
> encrypted, we are using SSL. If the communication channel were to
> be Unix Domain sockets, we do not need to encrypt the data, based
> on the data classification for this use-case.

So, localhost/TCP is considered a "communication channel" while a Unix
Domain Socket is not? While I appreciate the idea that a UDS is by
definition localhost-only (if you ignore various types of
virtualization), localhost/TCP is no less secure. Is the idea that
localhost/TCP can be easily changed to non-localhost/TCP and therefore
it can never be trusted?

In an environment like that, I'm surprised they are allowing Open
Source Software to be used in the first place, or even Java. :(

-chris

>> Subject: Re: Need help understanding support for Unix Domain Sockets in Tomcat 7.0.x
>> To: users@tomcat.apache.org
>> From: ch...@christopherschultz.net
>> Date: Wed, 23 Sep 2015 10:03:07 -0400
>> 
> Srini,
> 
> On 9/23/15 7:54 AM, Srinivasan Raman wrote:
>>>> In one use-case, for performance reasons, I would like to
>>>> explore the option of connecting from an in-house software
>>>> load balancer running in a VM running Linux to a Tomcat
>>>> instance running in the same VM using Unix Domain sockets.
> 
> Do you have any evidence that there is a performance advantage,
> here? localhost TCP is quite fast.
> 
> http://tomcat.10.x6.nabble.com/Unix-domain-socket-support-for-AJP-connector-td2048906.html
> 
>>>> Googling for this brought up some mention of Unix Domain
>>>> Sockets as part of APR, AJP etc., but I could not locate any
>>>> concrete examples of how this can be done.
> 
> AJP certainly does not support UDS. I'm not sure about APR, but I 
> don't see any immediate direct support for it. You'd basically have
> to write everything on top of basic libc calls.
> 
>>>> Appreciate if anyone that has information on this can point me
>>>> in the right direction.
> 
> I don't think anyone is really interested in pursuing this,
> unfortunately.
> 
> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
