Tim Hutchens
Guest
I think we are essentially in the same boat. It felt like Progress was recommending the AJP approach (for multiple reasons including load balancing, I think), so I'm waiting to hear what they recommend next. It seems like the immediate recommendation would be to fall back to HTTPS proxies, but like you mentioned, I'd prefer not to manage certificates on my PASOE servers. The NIST vulnerability David Cleary referenced (NVD - CVE-2020-1938) seems to be flagged as a high risk, but perhaps the way your application is written, it doesn't expose the high-risk part (such as if your application doesn't have any file upload feature that stores the files in the application directories), and you may feel that the risk in your environment is not worth abandoning AJP.

Tim