WebApp Sec mailing list archives
Q: Howto - SSL Tunnel for End-to-End encryption
From: "Ip, Ting Pong" <pong () cs ust hk>
Date: Sun, 27 Apr 2003 16:53:33 +0800
Hi all, I am now researching on the implementation of end-to-end encryption for the following typical web application architecture. [Web Client] <-> [Web Server (Apache)] <-> [Application Server (WebLogic)] <-> [Database Server (Oracle)] I would like to make an end-to-end encryption from the web client to application server so that no intermediate nodes could read the transmitting traffic. However, I found that the Apache SSL-Proxy module would initiate the SSL connection from the web server to the Application Server. Besides, the SSL connection from web client will terminate on the web server. Therefore, in either case, the web server can read the transmitting traffic. I am thinking that to "rewrite" or "redirect" the web connection from the web server to the application server but this would expose the application server to the public. Other than implementing the end-to-end encryption on the application level, are there any network architecture that can achieve end-to-end encryption without bypassing the web server? Thank you very much. Pong
Current thread:
- Q: Howto - SSL Tunnel for End-to-End encryption Ip, Ting Pong (Apr 27)
- Re: Q: Howto - SSL Tunnel for End-to-End encryption Cyrill Osterwalder (Apr 28)
- <Possible follow-ups>
- Re: Q: Howto - SSL Tunnel for End-to-End encryption Chandrashekhar B (Apr 28)