> From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com]
> Thank you for reading and replying. Can I assume from
> your reply that if I am not on a secure LAN that I should SSL
> httpd and both Tomcat servers?
SSL between httpd and Tomcat will protect the channel between httpd and Tomcat
from eavesdropping and some tampering. How likely is someone to be able to
intercept and/or tamper with the communication between your httpd and your
Tomcat servers? If it's unlikely (for example, because the httpd <=> Tomcat
communication is via a LAN that you reckon is "secure enough"), you probably
have better targets for your security effort.
- Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
