Inline:
> Date: Sun, 2 Mar 2008 17:59:00 -0600
> From:
wrowe@xxxxxxxxxxxxx> To:
users@xxxxxxxxxxxxxxxx> Subject: Re: Unencrypted Channel From Web Server To App Server
>
> James Ellis wrote:
> > Is it correct to say that in a typical Browser-Apache Web Server-Tomcat
> > App Server setup, the SSL connection generally terminates at the Apache
> > web server and the traffic between Apache and Tomcat (to the AJP
> > connector) is unencrypted? If I am correct that this is the "usual"
> > setup, then isn't this a pretty big security flaw since the DMZ is
> > supposed be only "partly" safe?
> >
> > If someone were to crack into the DMZ and could sniff network traffic,
> > then they could in theory listen in to traffic and grab all of it in an
> > unencrypted state (which may include credit card information, usernames,
> > passwords etc).
>
> Yes. This design relies on the integrity of the network beyond the DMZ.
I am assuming the following design:
browser
FIREWALL (BEGIN DMZ)
web server
FIREWALL (END DMZ)
app server/database server
You say it relies on the integrity of the network "beyond" the DMZ, but my point is that doesn't this design also rely on the integrity WITHIN the DMZ? Since SSL is ending at the web server here...traffic from the web server to the app server would be unencrypted...
>
> A good solution is to use proxy_http over ssl and the https connector for
> the last mile, if this is a concern in the environment you have deployed.
