> >> Way back to technic ;-)
> >
> >Great too see that.
> >
>
> May be the last time :-(
I hope not - it's great working with you :-)
> >- it's not a bad idea - as long as it's an option
>
> That's could be a secured ajp13 or ajp14 ?-)
AFAIK ajp13 can be extended in a backward-compatible
way ( or at least it should be ) by adding new packet
ids.
I wouldn't mind an ajp14, mod_jk is based on the idea
that there is no "perfect" protocol, but I would try
first to extend 13 ( I'm not even sure if this is
possible - if not then we need a 14).
> I used such solutions with ssh tunnels (like CVS at
> apache.org) but I
> really like to have a built-in solution. I know also
> a little SSL since
> I produced sometimes ago the SSL Proxy jonama
> (http://www.multimania.com/jonama/),
> but SSL is just too slow at conect time and SSH is
> also a little too hard.
I'll take a look.
> I was thinking a more simple algorithm, ie: DES with
> known keys.
AFAIK both SSL and SSH are using DES after the initial
connection is set up ( or IDEA, or other symatrical
alghoritm - some faster than DES ).
Also ( based on 3-4 old memories ) you could extend
both protocols with other encryption alghoritms.
> >- BTW, SSH or SSL tunnels are very easy to set and
> available to most
> >people.
>
> Yes but it is an out of the box solution. I really
> like having a integrated
> solution.
Having it "bundled" with tomcat is very hard -
encryption is allways a problem.
>
> Easy under Redhat boxes, with some OpenSSL and
> OpenSSH RPM.
> May be later I could send some doc about ?
Check it in - as long as we are still commiters :-)
Costin
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/