On 09/01/2007, at 5:20 PM, Christopher Schultz wrote:
Leon Rosenberg wrote:
Also by using apache in front of tomcat you rather loose[sic]
security than gain it. At least this is my personal opinion :-)
Would you care to defend that argument? Security in layers is
typically
an advantage.
One could argue that more moving parts equals more complexity, and
that
complexity is an enemy of security (and I agree). However, there
must be
a balance. If good security requires layers, and each layer adds more
complexity, then there is a paradox.
With Apache HTTPD you have the advantage of being able to do fine
grained
url/ IP access control.
It also brings with it however all the bugs that are in Apache HTTPD.
What are your trying to protect by adding in Apache HTTPD?
The IP Stack ? - Nope kernel issue - have this problem with both...
Tomcats connection handling ? Nope - not protected as mod_proxy
and mod_jk
blindly forward all traffic towards the backend tomcat.
So unless you want protect certain paths, hiding tomcat behind an apache
will not bring any security benefits.
Regards
Andrew
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
