Dear list, I'm faced with the following "architecture" of an application: - Linux Server (small VM) with MySQL-DB, accessible via SSL from outside of the server, access is limited to a set of users - Client is a .NET-Application connecting to the DB with one user for each installation since this is not a very good architecture from several point of views I am thinking about changing it: - develop own Apache module offering REST services (one endpoint (resource part of url) for each operation) - use JSON as data format for GET/POST requests - let Apache handle SSL and authentication (authentication in the meaning of "general access" to the services) - manage permissions to protected data in DB and handle authentication to access this data by the new Apache module The decision to develop an Apache module instead of using Tomcat/Java is to avoid additional load on server, since Apache is already active. And I'm a C/C++ geek but not for Java. ;-) Questions to the list: - Am I one the right way? - Is there something missing from the security point of view? - Is there something pre-compiled for parsing JSON data in Apache modules (didn't find something, only Apache independent libs) Thanks in advance Torge --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx