java - Is the communication between httpd and tomcat secure? -


we have app running on tomcat port 8080, , fronting apache httpd, ssl installed , implemented, request redirected port 443, , proxy tomcat 8080 mod_proxy_httpd:

proxypass / http://localhost:8080/ retry=0 timeout=5 proxypassreverse / http://localhost:8080/

everything works fine, request client httpd secured, communication between httpd , tomcat not encrypted.

my question is: 1.would issue if communication between httpd , tomcat not encrypted? provided httpd , tomcat under same sever?

2.we transmitting sensitive data, such customer credit card information during payment processing, need implement ssl on tomcat (e.g.port 8443), , proxy request 443 secured tomcat port 8443? gonna secured client httpd tomcat, affect performance, since 2 way encryption/decryption needed.

we have been searching on issue, found no clear answers. appreciated.

if stick localhost (e.g. have apache httpd on same server tomcat) secure: if don't trust implementation of "localhost" networking, couldn't trust tls implementation on same server well.

you might gain performance having apache on different server tomcat. in case depend on network between both: routers, cabling etc. if don't trust network, might can work on. however, note have connection between tomcat , filesystems (temp files), databases, etc. - transport encryption nailed, data can still leak out of application if can't trust datacenter/network security.

we can't judge level can trust network, you'll have yourself.

note in case mention in question, tomcat have no idea connection has been made in https when forward on http (e.g.: browser -> apache https, apache -> tomcat http)

you can configure tomcat's connector assume connection secure (look secure attribute on connector's documentation), means absolutely need make sure never allow http connection forwarded connector. check if ajp (a different protocol) - forward of http(s) connection's properties tomcat. (me among them), don't.


Comments

Post a Comment

Popular posts from this blog

php - failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request -

this code i'm using find latitude , longitude of place: function coords($address){ echo $url="http://maps.googleapis.com/maps/api/geocode/json?address=".$address; $json = file_get_contents(urlencode($url)); $data = json_decode($json, true); print_r($data['results'][0]['geometry']['location']['lat']); print_r($data['results'][0]['geometry']['location']['lng']); } however returns warning: failed open stream: http request failed! http/1.0 400 bad request if use above code in simple procedure works fine not in function. note: have tried curl_init()... method produced same result? instead of encoding whole url encode address part. following code work fine $add='jamshoro phase 2'; $url="http://maps.googleapis.com/maps/api/geocode/json?address=".urlencode($add); $json = file_get_contents($url); $data = json_decode($json, true); print_r($data['r
Read more

java - How to filter a backspace keyboard input -

i have code gives message when key number pressed: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochararray().length - 1]; if (!(ch >= '0' && ch <= '9')) { system.out.println("the char entered not number"); t.consume(); } } }); now if press on wrong button , press backspace remove it, error message. how can add backspace input if statement? i have found answer: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochar
Read more

java - Show Soft Keyboard when EditText Appears -

i have code in android app, alert dialog , keyboard, , when dialog shown want keyboard appear. not , not sure why? here code: final alertdialog.builder alert = new alertdialog.builder(this); alert.settitle("title"); alert.setmessage("message"); final edittext input = new edittext(this); input.setinputtype(inputtype.type_class_number); alert.setview(input); input.setonfocuschangelistener(new view.onfocuschangelistener() { @override public void onfocuschange(view v, boolean hasfocus) { if (hasfocus) { log.i(tag, "in focus"); inputmethodmanager inputmethodmanager = (inputmethodmanager) getsystemservice(context.input_method_service); inputmethodmanager.showsoftinput(input, inputmethodmanager.show_implicit); } } }); but keyboard not appear though edit text in focus, , tell appear why, doesn't come up? thanks in advance.
Read more