It is possible for Apache to be compromised without Tomcat being
compromised, e.g. by an overflow in Apache. So if Apache (or another service
on the front box) is compromised and the systems are tiered, then the
intruder can only impersonate local actions. If all tiers reside on the
same server, then by compromising Apache or Tomcat the intruder can
effectively impersonate either tier.

Leon Rosenberg wrote:
> On 10/13/05, Peter Johnson <[EMAIL PROTECTED]> wrote:
>> Pro: - enhanced security due to tiers
>
> Why? If Tomcat has a security hole, putting an Apache in front of it
> wouldn't change anything, since the security hole would be as exposed
> as with standalone Tomcat.
>
> leon

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]