You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Peter Crowther <Pe...@melandra.com> on 2009/04/01 17:44:45 UTC

[OT] RE: redirection

> From: Gregor Schneider [mailto:rc46fi@googlemail.com]
> See, I believe in the statement that the more components you're adding
> to an environment, the more possibilities there are for a
> security-hole. However, to believe is not to know...

It's clear that a naïve "more components => less secure" argument doesn't work in computer security, as I think few people on this list would argue with the following: "A Tomcat server with a dedicated firewall in front will be more secure than the same Tomcat with no dedicated firewall in front."  Here, more components - and the assumption of fitness for purpose and correct configuration - lead to an assumption of higher rather than lower security.

So we're then into a discussion of how well httpd + mod_security + { mod_proxy, mod_jk} would serve for the purpose - a discussion of the *quality* of the components, rather than just the *quantity*.  And that's why I'd love to see the hard data because, like you, I don't know :-).

                - Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org