-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

On 10/14/2010 1:01 PM, Pid wrote:
> On 14/10/2010 17:19, Rob Gregory wrote:
>>
>> Is Tomcat classed as insecure 
> 
> Nope.

Unless it's identified as Jetty. :(

[Sorry, I can't find a reference to that thread.... I swear it was this
week!]

>> and as such requires this proxy in front or is this due to the fact that
>> Tomcat cannot reverse proxy on its own. 
> 
> Why does it need to?
> 
> (Arguably, putting HTTPD in front of Tomcat gives you a larger potential
> for vulnerabilities, not less)

...or at least a different set of vulnerabilities.

As Mark Thomas mentioned the other day, Tomcat cannot currently do
reverse-proxying, though it's been considered a few times in the past.
Nobody has ever bothered to implement it, probably because Apache httpd
does such a good job at it.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAky3V1cACgkQ9CaO5/Lv0PAcFgCgh6PWoc0ZXGrbLikOo5WU0WYc
qm8An25SGd+07tr8tTkcv40/tvx7kcUk
=MNJf
-----END PGP SIGNATURE-----
