Feature #5184
enable non-SSL mode for Jetty
Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
Due date:
% Done:
0%
billable:
No
vendor_id:
GCD
Related issues
History
#1 Updated by Greg Shah about 3 years ago
We don't recommend ever using anything except SSL. This includes the scenario where the systems are only running on a private network with no direct Internet access. The reason: any breach of the internal network OR any malicious internal staff can read any security-sensitive data including passwords and confidential information. Without SSL, the system's security simply lacks any depth.
Regardless of this, some customers may decide to take this risk. They may only provide external access via a web application firewall/proxy that terminates the SSL. This might be done to maximize performance at the cost of the added risk.
This task is meant to write the changes needed to choose this if needed.
#2 Updated by Greg Shah about 3 years ago
- Related to Feature #5170: add support for cloud-based load balancing and WAF added