Hi everyone! David, imagine that you are developing a web application to provide services like internet banking. What network architecture would you propose? How will you implement a DMZ? Probably you put a firewall between Web Server and Database Server!! Or not?
Regards,
Bárbara Vieira

-----Original Message-----
From: David Smith [mailto:[EMAIL PROTECTED]
Sent: quarta-feira, 9 de Janeiro de 2008 18:35
To: Tomcat Users List
Subject: Re: Why use a Web Server over Tomcat?

In my CISSP training, we covered the possibility of putting a web server in between two firewalls. The outer one cleans the coarse junk out of the data stream like denial of service attacks, web server compromise attacks, malformed packets, as well as closing down server services that should be available to the company, but not the public. The inner one is more fine grained possibly protecting company data assets from disclosure or blocking unapproved websites from being accessed by employees.

Just trying to say there is a business case for two firewalls -- it has more to do with protecting company assets than protecting the web server.

--David

Bárbara Vieira wrote:

>Alan and Johnny,
>I agree with Alan. I'm using the same scheme to save passwords in database,
>and SSL too.
>But, Johnny's answer helped me understand some things.
>Johnny, when you say:
>
>>So in those organizations Tomcat is probably behind the second internal firewall
>>for staff to use as well.
>
>What do you mean? If you have a Tomcat inside a DMZ, usually we have one
>firewall, that separates internet from intranet, i.e., the firewall filters
>requests that come from the outside. Isn't that?
>
>Thanks,
>Regards,
>Bárbara Vieira
>
>
>-----Original Message-----
>From: Alan Chaney [mailto:[EMAIL PROTECTED]
>Sent: quarta-feira, 9 de Janeiro de 2008 14:10
>To: Tomcat Users List
>Subject: Re: Why use a Web Server over Tomcat?
>
>>One reason for doing this, is again not whether IIS or APACHE is better
>>although APACHE on linux in the
>>hands of a guru is very good, it's because Tomcat carries clear text
>>passwords, so if a hacker did
>>get at the machine, they would probably see the Active X LDAP master
>>password,
>
>I don't understand this comment at all. 'Passwords' in tomcat can be
>managed by a whole host of authentication schemes. I use SSL to protect
>access to the password on the net and MD5 encoded passwords in a
>database for user authentication and access control. It depends entirely
>upon how you configure your system.
>
>Regards
>
>Alan

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]