RE: Tomcat and IIS question
-Original Message- From: Ben Souther [mailto:[EMAIL PROTECTED] Sent: Thursday, February 26, 2004 3:43 PM To: Tomcat Users List Subject: Re: Tomcat and IIS question I imagine that you've got Tomcat and IIS communicating behind a firewall, if not on the same machine. If only IIS is exposed to the internet, why would you need communication between the two to be encrypted? >We are producing a medical app. As part of the new HIPAA requirements, we are to take all precautions necessary to ensure that personal health information is securely transmitted electronically. If someone should break through all other security measures, the data will still be encrypted, and we have reduced our liability. Also, If you aren't relying on IIS for encryption, why use it at all? Why not just use Tomcat as a stand alone and install the certificate there? > IIS needs to run so that our clients can continue to administer their other apps (which could be ASP) in the same manner as they are used too, without having our app interfere. What we need is roundtrip encryption - yes it will be slow through IIS- but if you have any other ideas for this kind of scenario, please tell me as I am not an sys admin. I am a humble software engineer Are you running ASP apps too? On Thursday 26 February 2004 06:51 pm, you wrote: > I believe there is a misunderstanding (I think???)... > I already have tomcat talking to IIS, and IIS talking securely with the > client. The problem is that IIS decrypts ssl requests to process them. In > the case of a servlet request, it forwards the decrypted request to Tomcat > and Tomcat sends the response decrypted back to IIS (I think???). I want > all requests and responses to be encrypted. How can I have all > communication secure??? > > -Original Message- > From: Ben Souther [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 26, 2004 2:58 PM > To: Tomcat Users List > Subject: Re: Tomcat and IIS question > > > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/iishowto.html > > On Thursday 26 February 2004 05:19 pm, you wrote: > > Can I be running IIS and Tomcat concurrently and have specific webapps > > directed to each for processing. I am assuming that Tomcat will be > > running as a web server as well as servlet container and that IIS is of > > course running as a web server. The goal is to elminate the port number > > from the address window for all requests, to use tomcat/ssl for dynamic > > webapps, > > and > > > for other static webapss, have them run through IIS. The general question > > is--how can I accomplish this goal??? > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat and IIS question
Can I be running IIS and Tomcat concurrently and have specific webapps directed to each for processing. I am assuming that Tomcat will be running as a web server as well as servlet container and that IIS is of course running as a web server. The goal is to elminate the port number from the address window for all requests, to use tomcat/ssl for dynamic webapps, and for other static webapss, have them run through IIS. The general question is--how can I accomplish this goal??? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and IIS question
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/iishowto.html On Thursday 26 February 2004 05:19 pm, you wrote: > Can I be running IIS and Tomcat concurrently and have specific webapps > directed to each for processing. I am assuming that Tomcat will be running > as a web server as well as servlet container and that IIS is of course > running as a web server. The goal is to elminate the port number from the > address window for all requests, to use tomcat/ssl for dynamic webapps, and > for other static webapss, have them run through IIS. The general question > is--how can I accomplish this goal??? > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat and IIS question
I believe there is a misunderstanding (I think???)... I already have tomcat talking to IIS, and IIS talking securely with the client. The problem is that IIS decrypts ssl requests to process them. In the case of a servlet request, it forwards the decrypted request to Tomcat and Tomcat sends the response decrypted back to IIS (I think???). I want all requests and responses to be encrypted. How can I have all communication secure??? -Original Message- From: Ben Souther [mailto:[EMAIL PROTECTED] Sent: Thursday, February 26, 2004 2:58 PM To: Tomcat Users List Subject: Re: Tomcat and IIS question http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/iishowto.html On Thursday 26 February 2004 05:19 pm, you wrote: > Can I be running IIS and Tomcat concurrently and have specific webapps > directed to each for processing. I am assuming that Tomcat will be running > as a web server as well as servlet container and that IIS is of course > running as a web server. The goal is to elminate the port number from the > address window for all requests, to use tomcat/ssl for dynamic webapps, and > for other static webapss, have them run through IIS. The general question > is--how can I accomplish this goal??? > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and IIS question
I imagine that you've got Tomcat and IIS communicating behind a firewall, if not on the same machine. If only IIS is exposed to the internet, why would you need communication between the two to be encrypted? Also, If you aren't relying on IIS for encryption, why use it at all? Why not just use Tomcat as a stand alone and install the certificate there? Are you running ASP apps too? On Thursday 26 February 2004 06:51 pm, you wrote: > I believe there is a misunderstanding (I think???)... > I already have tomcat talking to IIS, and IIS talking securely with the > client. The problem is that IIS decrypts ssl requests to process them. In > the case of a servlet request, it forwards the decrypted request to Tomcat > and Tomcat sends the response decrypted back to IIS (I think???). I want > all requests and responses to be encrypted. How can I have all > communication secure??? > > -Original Message- > From: Ben Souther [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 26, 2004 2:58 PM > To: Tomcat Users List > Subject: Re: Tomcat and IIS question > > > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/iishowto.html > > On Thursday 26 February 2004 05:19 pm, you wrote: > > Can I be running IIS and Tomcat concurrently and have specific webapps > > directed to each for processing. I am assuming that Tomcat will be > > running as a web server as well as servlet container and that IIS is of > > course running as a web server. The goal is to elminate the port number > > from the address window for all requests, to use tomcat/ssl for dynamic > > webapps, > > and > > > for other static webapss, have them run through IIS. The general question > > is--how can I accomplish this goal??? > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
