Re: Tomcat and IIS Web Server
IIS will handle the https. That means that actually the connection between IIS and tomcat is not secure, so take that into consideration as you make your decision. Varley, Roger wrote: Hi I have Tomcat running behind Microsofts IIS Web server. All requests go first to IIS and IIS forwards any URL specified in workers.properties to Tomcat. All standard stuff and it works well. I now need to use HTTPS to send a request to IIS which is going to be forwarded to Tomcat. My question is where does the authentication take place? Does IIS handle the authentication and certificates *before* it passes the request to Tomcat or does IIS pass control to Tomcat expecting it to handle the authentication and certificates? Or do I need to configure both IIS and Tomcat to handle HTTPS? Regards Roger __ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat and IIS Web Server
IIS will handle the https. That means that actually the connection between IIS and tomcat is not secure, so take that into consideration as you make your decision. Thanks Daniel. Both the IIS server and Tomcat are located on the same server behind a firewall - so that really shouldn't be an issue should it? Even if they were on different servers behind a firewall given that I'm not worried about internal snooping it's still not an issue - or am I missing something important here? Regards Roger Varley, Roger wrote: Hi I have Tomcat running behind Microsofts IIS Web server. All requests go first to IIS and IIS forwards any URL specified in workers.properties to Tomcat. All standard stuff and it works well. I now need to use HTTPS to send a request to IIS which is going to be forwarded to Tomcat. My question is where does the authentication take place? Does IIS handle the authentication and certificates *before* it passes the request to Tomcat or does IIS pass control to Tomcat expecting it to handle the authentication and certificates? Or do I need to configure both IIS and Tomcat to handle HTTPS? Regards Roger _ _ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. _ _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and IIS Web Server
You're right. If you can trust your machine(s) and the users on them, then you should be secure enough. Varley, Roger wrote: IIS will handle the https. That means that actually the connection between IIS and tomcat is not secure, so take that into consideration as you make your decision. Thanks Daniel. Both the IIS server and Tomcat are located on the same server behind a firewall - so that really shouldn't be an issue should it? Even if they were on different servers behind a firewall given that I'm not worried about internal snooping it's still not an issue - or am I missing something important here? Regards Roger Varley, Roger wrote: Hi I have Tomcat running behind Microsofts IIS Web server. All requests go first to IIS and IIS forwards any URL specified in workers.properties to Tomcat. All standard stuff and it works well. I now need to use HTTPS to send a request to IIS which is going to be forwarded to Tomcat. My question is where does the authentication take place? Does IIS handle the authentication and certificates *before* it passes the request to Tomcat or does IIS pass control to Tomcat expecting it to handle the authentication and certificates? Or do I need to configure both IIS and Tomcat to handle HTTPS? Regards Roger _ _ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. _ _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
