You do have a very good point. At one point we need to trust somebody. 

If we send the data in a readable format then the number of points of attack
increases. I mean the network packets could be read by people who
maintain the network. Of course, I agree the network hops would be minimal
but still that needs to be accounted for in our case.

-----Original Message-----
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 12:06 PM
To: Tomcat Users List
Subject: Re: Stable tomcat + apache + mod_j2 + ssl



The systems administrators will be the ones setting up stunnel and 
OpenSSL.  Thus, they will have access to the configuration files, 
certificates, keys and other resources used by OpenSSL.  Thus, they will 
most likely have the ability to decrypt whatever communications are sent 
over the network.

Sooner or later, at some point, you have to trust somebody.  Otherwise, 
it gets really lonely out there.

John

Ramanan Ramadoss wrote:

> We have our webserver and app server on two separate physical machines but
> on the same LAN sub-net. But the information has to be in encrypted form so
> that the information is not in a readable form even to the system/network
> administrators who are maintaining the machines.
> 
>  
> 
> -----Original Message-----
> From: Rick Roberts [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 05, 2003 11:45 AM
> To: Tomcat Users List
> Subject: Re: Stable tomcat + apache + mod_j2 + ssl
> 
> 
> Are you sure that you need to encrypt traffic between Apache and Tomcat?
> 
> That is an unusual requirement, because usually both tomcat and Apache are
> running on the same computer or at least running in the same LAN sub-net.
> 
> Ramanan Ramadoss wrote:
> 
>>Thanks for your reply. 
>>
>>We need to implement end to end encryption. I do not have an option with
>>respect to the OS. I have Windows 2000 as our OS for both the webserver and
>>app server. Due to end to end encryption, we have to secure the
>>communication between the webserver and app server.
>>
>>I have heard about mod_ssl but have not used it. Would that be an option to
>>secure the communication between apache and tomcat? Your opinion is highly
>>appreciated.
>>
>>--Ramanan



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]