> From: Gregor Schneider [mailto:[email protected]] > On Wed, Apr 1, 2009 at 4:22 PM, Peter Crowther > <[email protected]> wrote: > > > > And, indeed, that Apache + mod_security + mod_jk + Tomcat > has fewer vulnerabilities than just Tomcat. > > > > Since I'm interested on hard data, too, hand over the facts, please.
Quite. If you look at the full original quote... -- snip -- > From: fredk2 [mailto:[email protected]] [...] > (assuming you do not use a WAF firewall). And, indeed, that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat. -- snip -- ... I was re-using the "assuming" from the previous poster's brackets. Sorry - I should have made that more explicit. Here's the re-stated version: And, indeed, *assuming* that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat. I'd also be very interested to see the evidence (either way) on that. - Peter --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
