David, Thanks for the enlightening survey. Eitan > -----Original Message----- > From: David Wall [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 02, 2001 5:56 PM > To: [EMAIL PROTECTED] > Subject: Re: Does Apache worth it? Security issues make it worth it > > > One thing architecturally and security-wise about having > Apache front Tomcat > should also be mentioned. Apache provides native code for > serving up HTTP > 1.1 (is Tomcat at 1.1 yet, or still 1.0?) which means images > and such are > transferred much more efficiently. This is also particularly > true for SSL > code. > > But the separation makes it easier to put the application > server on a box > that is not directly connected to the Internet. > Architecturally speaking, > this is a huge advantage since you don't generally want your > application > code to be so vulnerable to attacks. Using mod_jk, you can > put Tomcat on a > private network with a firewall that limits access very > tightly -- only > allowing connections FROM the web server using the 8007/8009 ports (if > that's what you use). This is much more restrictive than > needing to allow > ports 80/443 from ANY computer in the world. It also means > that a hacker > has to get through two layers of your system before they can reach the > "gold," such as modifying JSP pages for graffiti or getting to your > database. > > David >
