Re: Need help understanding support for Unix Domain Sockets in Tomcat 7.0.x

Wed, 23 Sep 2015 14:07:05 -0700 

srini_

On 23.09.2015 19:03, Srinivasan Raman wrote:

Hi Graham,
Unfortunately, the data needs to be encrypted if the communication is over TCP, 
even if it is to a process in the same VM.
Any alternatives that you can suggest for getting Unix domain sockets to work 
with Tomcat? I did come across mention of a connector, JK, that mentions Unix 
Domain sockets - that's what got me interested in this.
Thanks,
srini_



You already got a response from Christopher, one of the Tomcat Committers.
Re-read it.

It basically boils down to this :
either
- you write this yourself from scratch, both at the Apache httpd (mod_jk/mod_proxy_ajp) and at the Tomcat level (AJP Connector) 
or
- you convince whoever wrote that requirement, that an internal TCP connection within the same host, is no less secure than a Unix Domain socket 

Your choice.

(Otherwise, look at "socat" : http://www.dest-unreach.org/socat/)
(I am just kidding; you would end up with two local TCP connections instead of one. But it /would/ use a UDS in-between. And internally, it must be doing the kind of things needed to "adapt" TCP to UDS and vice-versa. So maybe looking at the source code may give you an idea of what would be involved). 



Subject: Re: Need help understanding support for Unix Domain Sockets in Tomcat 
7.0.x
From: minf...@sharp.fm
Date: Wed, 23 Sep 2015 18:11:06 +0200
To: users@tomcat.apache.org

On 23 Sep 2015, at 5:55 PM, Srinivasan Raman <srini_b...@hotmail.com> wrote:


Sorry, I should have provided more details while posting the query.
Due to a security policy that mandates that a certain type of sensitive data 
flowing over a communication channel must be encrypted, we are using SSL. If 
the communication channel were to be Unix Domain sockets, we do not need to 
encrypt the data, based on the data classification for this use-case.


Would it be possible to confirm the need for encrypting traffic over localhost?

Regards,
Graham
—


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


                                        




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to