-Original Message-
From: Mark A. Claassen [mailto:mclaas...@ocie.net]
Sent: Thursday, March 1, 2018 11:20 AM
To: Tomcat Users List
Subject: RE: Security of AJP
Thanks everyone for your feedback. I am the one who unknowingly opened
this can of worms. :)
It seems like there is a bit of mom
: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, March 1, 2018 11:54 AM
To: users@tomcat.apache.org
Subject: Re: Security of AJP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark(s) and Terence,
On 3/1/18 11:20 AM, Mark A. Claassen wrote:
> Thanks everyone for y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark(s) and Terence,
On 3/1/18 11:20 AM, Mark A. Claassen wrote:
> Thanks everyone for your feedback. I am the one who unknowingly
> opened this can of worms. :)
>
> It seems like there is a bit of momentum for altering the
> documentation, so I
and
assumes no legal liability or responsibility for the posting.
-Original Message-
From: Terence M. Bandoian [mailto:tere...@tmbsw.com]
Sent: Thursday, March 1, 2018 8:34 AM
To: Tomcat Users List
Subject: Re: Security of AJP
On 2/28/2018 10:16 AM, Mark H. Wood wrote:
> On Wed, Feb
On 2/28/2018 10:16 AM, Mark H. Wood wrote:
On Wed, Feb 28, 2018 at 09:25:53AM -0500, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 2/28/18 8:40 AM, Cheltenham, Chris wrote:
Since AJP is not really needed by Tomcat; If I comment out the AJP
startup line i
On Wed, Feb 28, 2018 at 09:25:53AM -0500, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Chris,
>
> On 2/28/18 8:40 AM, Cheltenham, Chris wrote:
> > Since AJP is not really needed by Tomcat; If I comment out the AJP
> > startup line in server.xml will that affe
On 28.02.2018 16:01, Cheltenham, Chris wrote:
In this case are you tunneling into tomcat via 8009 AJP connector?
"tunneling the (unencrypted) AJP connection between Apache httpd and
Tomcat, so that it's no longer transmitted in clear text." - that's how
I'd phrase it.
(and thank you Chris
Chris and Chris
-Original Message-
> From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org]
> Sent: Wednesday, February 28, 2018 8:40 AM
> To: Tomcat Users List
> Subject: RE: Security of AJP
>
> Since AJP is not really needed by Tomcat; If I comment out the AJP
Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, February 28, 2018 9:26 AM
To: users@tomcat.apache.org
Subject: Re: Security of AJP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 2/28/18 8:40 AM, Cheltenham, Chris wrote:
> Since AJP is not really needed by Tomcat; If I comm
...@christopherschultz.net]
Sent: Wednesday, February 28, 2018 9:37 AM
To: users@tomcat.apache.org
Subject: Re: [OT] Security of AJP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Olaf,
On 2/28/18 2:46 AM, Olaf Kock wrote:
> On 27.02.2018 23:18, Christopher Schultz wrote:
>> -BEGIN PGP SIGNE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Olaf,
On 2/28/18 2:46 AM, Olaf Kock wrote:
> On 27.02.2018 23:18, Christopher Schultz wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>
>> Olaf,
>>
>> On 2/27/18 4:33 PM, Olaf Kock wrote:
>>> On 27.02.2018 21:54, Mark A. Claassen wrote:
and Tomcat or other
Java-based app servers.
If you don't understand any of these things, you generally don't have
to worry about them.
If you don't need a reverse-proxy, you don't need AJP or the connector
that speaks it.
- -chris
> -Original Message- From: Christoph
Stanchev [mailto:gstanc...@serena.com]
Sent: Wednesday, February 28, 2018 9:09 AM
To: Tomcat Users List
Subject: RE: Security of AJP
It is used, for example, if you want to front Tomcat by Apache Web Server or
by IIS (among others). In those cases the HTTP processing is done in the
front system and
TCPIP to Tomcat's
AJP connector.
Is it more clear now?
-Original Message-
From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org]
Sent: Wednesday, February 28, 2018 6:40 AM
To: Tomcat Users List
Subject: RE: Security of AJP
Since AJP is not really needed by Tomcat; If I commen
ultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, February 27, 2018 4:26 PM
To: users@tomcat.apache.org
Subject: Re: Security of AJP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 2/27/18 3:54 PM, Mark A. Claassen wrote:
> From what I have read, it seems that the AJP connector is no
Hi Christopher,
On 27.02.2018 23:18, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Olaf,
On 2/27/18 4:33 PM, Olaf Kock wrote:
On 27.02.2018 21:54, Mark A. Claassen wrote:
I would /not/ state that it's /not secure/. But I'm following your
later argument: It's an "
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Olaf,
On 2/27/18 4:33 PM, Olaf Kock wrote:
> On 27.02.2018 21:54, Mark A. Claassen wrote:
>> From what I have read, it seems that the AJP connector is not
>> secure, and is meant to be used in a protective environment.
>> There are lots of things th
Mark,
On 27.02.2018 21:54, Mark A. Claassen wrote:
From what I have read, it seems that the AJP connector is not secure, and is meant to be
used in a protective environment. There are lots of things that imply this, like no SSL
settings and such, but I cannot find it directly stated anywher
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 2/27/18 3:54 PM, Mark A. Claassen wrote:
> From what I have read, it seems that the AJP connector is not
> secure, and is meant to be used in a protective environment.
> There are lots of things that imply this, like no SSL settings and
>
> From what I have read, it seems that the AJP connector is not secure, and is
> meant to be used in a protective environment. There are lots of things that
> imply this, like no SSL settings and such, but I cannot find it directly
> stated anywhere. I am pretty confident in my read of this, but i