> From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] > Thank you for reading and replying. Can I assume from > your reply that if I am not on a secure LAN that I should SSL > httpd and both Tomcat servers?
SSL between httpd and Tomcat will protect the channel between httpd and Tomcat from eavesdropping and some tampering. How likely is someone to be able to intercept and/or tamper with the communication between your httpd and your Tomcat servers? If it's unlikely (for example, because the httpd <=> Tomcat communication is via a LAN that you reckon is "secure enough"), you probably have better targets for your security effort. - Peter --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org