It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
Our Web Application will be in production soon. We are going to use Load Balancing for this WAR for more redundancy.
I am a Java developer, so please excuse if my question with respect to load balancing is basic.
Right now the WAR is deployed on two Linux servers (Server A and Server B).
These two servers have Tomcat installed with similar directory structures.
The WAR will be using a property file defined under the tomcat/bin directory and this property value is different for these two servers.
These two servers have different IP addresses.
Please let me know if Load Balancing will be any issue in this case?
It shouldn't be an issue if you don't expect users' sessions to persist across the two servers. For example, if a given user is logged in and in session of the web app and suddenly that server goes down, you would expect the load balancer to transparently transfer the user to the other server. This by default would result in a new session being created on the other server's tomcat instance, hence making the user lose their session data (if not persisted in the DB), have to re-login, etc.
Typically you can configure the app servers and the load balancers to enable sticky sessions so that the single session can be maintained across the farm. This setup is typically more complicated. So if you don't have a requirement to have the session carry across the two instances, you should be ok.
Related
Closed 9 years ago.
I know all the details about tcp and udp and how they provide transport level support for applications but what I am interested in is how tcp/udp is actually implemented in a host system. Is it via a number of system/function calls or is it a daemon process running which continually takes data from its buffers and encapsulates before writing to device driver buffer?
It's a pretty broad question and it's going to depend what system you're using and what facility the applications are using.
But in general, unix/windows use sockets to communicate using tcp. You send/receive data using a socket by doing system calls (there are a few different ones). So it's implemented in the kernel not through a userspace daemon on these systems.
It is a module that runs in kernel space as part of a networking protocol stack. Applications communicate with it via system calls, e.g. socket(), connect(), accept(), recv(), send().
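The system-call interface named in the answers above, as an added example that is not part of the original posts. It assumes a POSIX system with a loopback interface; `loopback_roundtrip` is a hypothetical name. `connect()` succeeds before the program ever calls `accept()`, because the kernel's TCP stack completes the handshake and buffers the data itself.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Sends "ping" over a loopback TCP connection inside one process.
 * Returns the byte count recv() delivered, or -1 on error.
 * *early is set to 1 if connect() succeeded before accept() was called. */
int loopback_roundtrip(char *out, size_t cap, int *early)
{
    struct sockaddr_in addr;
    socklen_t alen = sizeof addr;
    int n = -1, lfd, cfd = -1, afd = -1;

    *early = 0;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                      /* let the kernel pick a free port */

    lfd = socket(AF_INET, SOCK_STREAM, 0);  /* listening endpoint */
    if (lfd < 0) return -1;
    if (bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&addr, &alen) < 0)
        goto done;

    cfd = socket(AF_INET, SOCK_STREAM, 0);  /* client endpoint */
    if (cfd < 0) goto done;
    /* The kernel performs the three-way handshake and queues the connection. */
    if (connect(cfd, (struct sockaddr *)&addr, sizeof addr) != 0) goto done;
    *early = 1;
    if (send(cfd, "ping", 4, 0) != 4) goto done;  /* copied into kernel buffers */

    afd = accept(lfd, NULL, NULL);          /* dequeue the established connection */
    if (afd < 0) goto done;
    n = (int)recv(afd, out, cap, 0);        /* copy data out of kernel buffers */
done:
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    close(lfd);
    return n;
}

int main(void)
{
    char buf[16];
    int early;
    int n = loopback_roundtrip(buf, sizeof buf, &early);
    printf("received %d bytes, connected before accept: %d\n", n, early);
    return n == 4 ? 0 : 1;
}
```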
Closed 10 years ago.
Everything these days has to operate in a TCP-friendly environment. Even in areas and applications that use UDP, we still see some TCP tendencies.
Is anyone aware of any applets or applications that are well-suited for a TCP environment but are intended to operate in a UDP world?
Well the need for TCP or UDP depends on the requirement of the applet or application.
If we look into benefits of TCP
High Reliability (Connection Oriented)
Low Level Error Handling and Packet Resending
Ordered (Sequential Transmission of Bytes)
And UDP is complete opposite of this.
For your question, Peer to Peer File Sharing Applications like (Bear Share, Lime etc), since they are transferring files, should ideally be running on TCP because of the above reasons. But they run in UDP because of the following reasons.
A File will not be downloaded from one peer but from multiple peers chunk by chunk (From multiple seeds)
A Connection can not be created and maintained because Peers may be turned off (Shutdown or Internet Disconnect) without knowledge.
So it is up to the requirement of the application
Closed 11 years ago.
I want to use HTTPS in a secure application, but replacing the symmetric encryption algorithm into a self-defined one.
I'm not quite sure how to achieve this goal. Is it possible to replace the relevant library to a self-defined one? For example, using OpenSSL?
To be more specific, in the first stage, I need to do it on win32 platform, could anyone tell me how to begin?
Of course you can. Even if the operating system, the network stack, or your programming framework provides SSL/TLS functionality you can simply open a regular TCP connection and then communicate SSL encrypted using your own library.
Therefore the answer is yes - always and on every platform which supports regular TCP connections.
Yes you can - you need to create a client and server that implement the SSL protocol. SSL uses cipher suites to communicate the algorithms to be used in the protocol, and you could define your own one.
From the TLS specifications (TLS 1.0, but I assume this hasn't changed):
"All cipher suites whose first byte is 0xFF are considered private and can be used for defining local/experimental algorithms. Interoperability of such types is a local matter."
Use an open source library (preferably one with readable source) and change that.
As said in the comment, defining your own protocol/algorithm is very likely to severely impact security of SSL/TLS.
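Given the warning above, a defender may want to know when a private-use suite (first byte 0xFF, per the quoted specification text) is being offered. The following is an added example, not part of the original answers: it scans a ClientHello `cipher_suites` vector (2-byte length, then 2-byte suite IDs) and reports such code points. The function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: length 8, then 0x002F, 0x00FF, 0xFF01, 0xC02F.
 * 0x00FF (the renegotiation SCSV) has 0xFF as its SECOND byte and is
 * a registered value, not a private-use one. */
static const uint8_t SAMPLE_SUITES[] = {
    0x00, 0x08, 0x00, 0x2F, 0x00, 0xFF, 0xFF, 0x01, 0xC0, 0x2F
};

/* Copies private-use suite IDs (first byte 0xFF) into out[], up to out_cap.
 * Returns how many were seen (may exceed out_cap), or -1 if the vector is
 * malformed: too short, empty, odd length, or longer than the buffer. */
int find_private_suites(const uint8_t *buf, size_t len,
                        uint16_t *out, size_t out_cap)
{
    size_t vec_len, i;
    int found = 0;

    if (len < 2) return -1;
    vec_len = ((size_t)buf[0] << 8) | buf[1];
    if (vec_len < 2 || vec_len % 2 != 0 || vec_len > len - 2) return -1;

    for (i = 2; i < 2 + vec_len; i += 2) {
        if (buf[i] == 0xFF) {               /* private/experimental range */
            if ((size_t)found < out_cap)
                out[found] = (uint16_t)((buf[i] << 8) | buf[i + 1]);
            found++;
        }
    }
    return found;
}

int main(void)
{
    uint16_t hits[4];
    int n = find_private_suites(SAMPLE_SUITES, sizeof SAMPLE_SUITES, hits, 4);
    for (int i = 0; i < n && i < 4; i++)
        printf("private-use cipher suite offered: 0x%04X\n", (unsigned)hits[i]);
    return n < 0;
}
```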
Closed 11 years ago.
How can I decrypt https with a network sniffer like wireshark or fiddler, without having administrative access to the server? For example if I log onto gmail, how can I set up wireshark from my computer to read all the http headers over the tls? I see tutorials online for decrypting https with wireshark, but they all say I need access to the private key of the server, and I assume this means that it is impossible to decrypt anything like the example I mentioned, gmail, is this correct or not?
To justify the s of https we agreed not to be able to decrypt network traffic.
Fiddler will do this from your pc if you turn on the decrypt https option. You can only do this for your traffic not others.
http://www.fiddler2.com/Fiddler/help/httpsdecryption.asp
It is true that in the general case, you cannot do this.
The only way to do this without the server key would be to launch a man-in-the-middle attack, such as with a tool like sslsniff or a proxy server with a known key. If needed, you could even create your own CA and instruct your browser to trust it, and issue your own private key+cert for what you wanted to sniff; then you could sniff your own traffic to the target.
In principle, you reasonably cannot do that, since it is the very purpose of HTTPS to ensure privacy of the connection.
Closed 11 years ago.
I heard someone saying that a "port should be opened", said a person inside a closed room in our company. So I wonder that it is possible to close a port! So is it true that a port can be closed and/or opened? If so how to close it, and how to open it?
Depending on your operating system, the firewall can be configured to block traffic on selected ports.
For example, on Windows 7, you can do this by opening the firewall advanced settings and creating a new rule for incoming/outgoing traffic.
I think the ports he is talking about are operating system related ports but not hardware related. Operating system ports lie unused until a certain number, in which the OS uses a lot of ports for its internal functions. But sometimes when a user wants to run software like a server and access it, he has to do it through one of the ports. However hardware ports also can be thought of as opened and closed, unless you connect it with a cable. Be it a mouse or anything, otherwise ports are opened, if the cable is unused.