Since apparently this capability is not available, yet, nor a high priority,
might I suggest ssh tunneling.  We use it here to tunnel MySQL replication
through a set of firewalls:

   ssh -2 -N -T -q -L <localport>:<remote-host>:<remote-port> <remote-host>

Using PKE means that I can run that tunnel as a particular pseudo-user with
its own set of keys.  I use a daemon to make sure that if the tunnel dies,
it comes back.  As I said, this technique supports the real-time replication
that we've been running for more than two years.

I see no reason why I couldn't run an SSH tunnel over which to transparently
run Connector protocols, which makes more sense to me than bolting SSL onto
them.  SSH tunnels not only protect the data, they authenticate the user.
If I were Company B, I would not want just anyone connecting to my Tomcat
via a Connector!

        --- Noel
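As an added example, not Noel's script or anything else posted in the thread, here is a small POSIX shell supervisor that does what he describes: it composes the `ssh -L` forward shown above and restarts it with backoff whenever the tunnel dies, intended to run under a dedicated pseudo-user that owns only the tunnel key. Hostnames, ports and the key path are placeholders.

```shell
#!/bin/sh
# Added example: keep an "ssh -L" tunnel alive the way Noel's restart daemon
# does. Every host, port and path here is a placeholder (constructed, not
# from the thread). The "-2" flag from the thread is dropped: OpenSSH has
# spoken protocol 2 only since 7.6.

# Print the ssh command line for a local-port forward.
#   $1 local port   $2 remote host   $3 remote port   $4 identity file
# The far end of the forward is 127.0.0.1, so MySQL on the remote host can
# stay bound to loopback instead of listening on a routable interface.
# BatchMode refuses password prompts (keys only); ExitOnForwardFailure makes
# ssh die, and so get restarted, if the port cannot be bound.
tunnel_cmd() {
  printf 'ssh -N -T -q -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -i %s -L %s:127.0.0.1:%s %s' \
    "$4" "$1" "$3" "$2"
}

# Exponential backoff so an unreachable remote is not hammered:
# next_backoff <seconds> prints the doubled delay, capped at 300.
next_backoff() {
  if [ "$1" -ge 150 ]; then echo 300; else echo $(( $1 * 2 )); fi
}

# Accept only a TCP port number (1-65535); rejects "", "abc", "70000".
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# supervise <local port> <remote host> <remote port> <identity file>
# Runs forever; start it at boot as the pseudo-user. Each ssh exit is
# logged to syslog, then the tunnel is brought back after the delay.
# (Arguments are word-split when re-run, so use a key path without spaces.)
supervise() {
  valid_port "$1" && valid_port "$3" || { echo "bad port" >&2; return 2; }
  delay=5
  while :; do
    logger -t mysql-tunnel "starting: $(tunnel_cmd "$@")"
    $(tunnel_cmd "$@")          # blocks until the tunnel dies
    logger -t mysql-tunnel "tunnel exited ($?), retry in ${delay}s"
    sleep "$delay"
    delay=$(next_backoff "$delay")
  done
}

# Usage: ./tunnel.sh run 3307 db.example.internal 3306 /home/mysqltunnel/.ssh/tunnel_key
if [ "${1:-}" = run ]; then shift; supervise "$@"; fi
```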

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Barker
Sent: Saturday, December 14, 2002 2:19
To: [EMAIL PROTECTED]
Subject: Re: SSL Connection Tomcat and Apache


While there seems to be a demand for SSL from Apache->Tomcat, the fact is
that it is not currently implemented.  Both the Warp & Ajp13 protocols send
the messages un-encrypted and easily enough decipherable to a sniffer.  They
are designed around the assumption that your Tomcat Server is in the same DMZ
as your Apache/httpd server.

Of course, patches are always welcome, if anyone wants to add SSL support to
either Warp or Ajp13 ;-).

"Turner, John" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

With the increase in web services, and different companies working as
partners, it's very conceivable (in my mind) that there would be a situation
where the initial web request was handled by apache owned by Company A, and
for one reason or another, needed to connect to tomcat owned by Company B
across the public internet to fulfill the request.  Rather than incorporate
some sort of separate VPN scenario with software or hardware (or both) it
would be nice to be able to create an encrypted tunnel from one server to
the other (apache<->tomcat) on the fly.

I'm definitely interested in hearing from people who have this working, and
how they did it.  I intend to try setting it up myself as soon as I have the
time.

John Turner
[EMAIL PROTECTED]


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>