Project

General

Profile

Feature #5184

enable non-SSL mode for Jetty

Added by Greg Shah about 3 years ago. Updated about 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
Due date:
% Done:

0%

billable:
No
vendor_id:
GCD

Related issues

Related to Runtime Infrastructure - Feature #5170: add support for cloud-based load balancing and WAF New

History

#1 Updated by Greg Shah about 3 years ago

We don't recommend ever using anything except SSL. This includes the scenario where the systems are only running on a private network with no direct Internet access. The reason: any breach of the internal network OR any malicious internal staff can read any security-sensitive data including passwords and confidential information. Without SSL, the system's security simply lacks any depth.

Regardless of this, some customers may decide to take this risk. They may only provide external access via a web application firewall/proxy that terminates the SSL. This might be done to maximize performance at the cost of the added risk.

This task is meant to write the changes needed to choose this if needed.

#2 Updated by Greg Shah about 3 years ago

  • Related to Feature #5170: add support for cloud-based load balancing and WAF added

Also available in: Atom PDF