Is AJP secure enough?

We need to host a Java RichFaces / Hibernate application in our hosting service. As a requirement of our security department, we are unable to connect this application to our internal databases. One of the suggested solutions was to create an internal web service, but changing the entire database layer was difficult. I want to use AJP instead. Is it safe enough?

[Edit] By this, I mean that Apache httpd will serve HTTPS and, by wrapping AJP to log into our back-end servers, is it possible to control the channel (plaintext)? I can't find any documentation for the protocol itself.

+2




2 answers


AJP is a direct replacement for HTTP between the webserver interface and the backend application server. Thus, it is no more or less secure than HTTP. If you choose AJP, you choose it purely for performance reasons, nothing else. If you are considering this for other reasons, you need to reconsider your requirements.



+5
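To illustrate the point that AJP is no more protected on the wire than HTTP, here is an added example (not part of the original question or answers) that decodes a constructed AJP13 Forward Request using the field layout from the Apache Tomcat AJP13 protocol reference. The addresses, host names, URI and session cookie are constructed sample values; note that the `is_ssl` flag only records that the browser-facing side used HTTPS and does nothing to encrypt the hop to the backend.

```python
import struct
# Coded request-header names from the AJP13 reference (0xA001..0xA00E).
CODED = ("accept", "accept-charset", "accept-encoding", "accept-language",
         "authorization", "connection", "content-type", "content-length",
         "cookie", "cookie2", "host", "pragma", "referer", "user-agent")

def _s(text):  # AJP string: 2-byte big-endian length, bytes, trailing NUL
    raw = text.encode("latin-1")
    return struct.pack(">H", len(raw)) + raw + b"\x00"

def sample_frame():  # constructed Forward Request, as httpd would send it
    body = bytes([2, 2])                       # prefix 2 = Forward Request, method 2 = GET
    for field in ("HTTP/1.1", "/account", "192.0.2.10", "client.example", "app.example"):
        body += _s(field)
    body += struct.pack(">HBH", 443, 1, 2)     # server_port, is_ssl, num_headers
    body += b"\xa0\x09" + _s("JSESSIONID=constructed-session-id")  # coded name: cookie
    body += _s("X-Demo") + _s("constructed")   # literal header name
    body += b"\xff"                            # request terminator
    return b"\x12\x34" + struct.pack(">H", len(body)) + body

def parse_forward_request(frame):
    """Recover request fields from raw AJP13 bytes, as a network observer could."""
    magic, length = struct.unpack(">HH", frame[:4])
    if magic != 0x1234 or length != len(frame) - 4 or frame[4] != 2:
        raise ValueError("not a complete AJP13 Forward Request")
    pos = 6                                    # past prefix code and method
    def take_str():
        nonlocal pos
        (n,) = struct.unpack(">H", frame[pos:pos + 2])
        if n == 0xFFFF:                        # AJP encoding of a null string
            pos += 2
            return None
        value = frame[pos + 2:pos + 2 + n].decode("latin-1")
        pos += n + 3                           # length field, bytes, NUL
        return value

    _protocol, uri, remote_addr, _host, server_name = [take_str() for _ in range(5)]
    port, is_ssl, count = struct.unpack(">HBH", frame[pos:pos + 5])
    pos += 5
    headers = {}
    for _ in range(count):
        if frame[pos] == 0xA0:                 # coded header name
            name = CODED[frame[pos + 1] - 1]
            pos += 2
        else:
            name = take_str()
        headers[name] = take_str()
    return {"uri": uri, "remote_addr": remote_addr, "server_name": server_name,
            "port": port, "is_ssl": bool(is_ssl), "headers": headers}
```

Calling `parse_forward_request(sample_frame())` returns the URI, client address and session cookie straight from the frame bytes, with no key material involved.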




Is it safe for what? Monitoring plaintext over the network? Providing enough security that the average SO reader can't intercept and read it? Or the NSA?

Security is a trade-off, and you need to determine which attacks you are trying to repel and how much effort you are going to put in. I know I don't answer your question, but I don't believe this question can be answered without thinking about it.

+3

