passing attributes from mod_shib via proxy to an application

Cantor, Scott cantor.2 at
Thu May 16 17:27:03 EDT 2019

On 5/16/19, 5:11 PM, "Marcus Schopen" <lists at> wrote:

> Just convince me. It's an interesting discussion. Which arguments in
> detail move you to your opinion?

You essentially mentioned the usual two arguments, that the back end (aside from a localhost hop) can be "safe" and that there's value in low-end software purporting to do HTTP but not willing to be robust.

I don't think any back-end network is safe because it's just a bunch of finger pointing and assuming somebody will "make it safe" or that the "internal network is safe". I work in an enterprise like most, and I know both are often. Every case we have of proxying here has holes I could drive a truck through and the hand waving around them would sprain my ligaments. Even on the front-end, TLS issues and the use of shared wildcard certificates are a great example of what you end up with at scale. "Don't do that" is fine in theory but it doesn't really hold up; that's what usually gets done when you start down this road.

As far as the software goes, I think robustness is just a baseline, not a nice thing to have. Java web servers used to be unusable and people cared enough to make them robust and now they work perfectly well on their own (just in time for Oracle to kill Java, I guess). If it's worth running, it should be robust enough to run without a bunch of guard rails. If it's not capable of being a good web server, I think it should be something else and not a bad web server.
-- Scott
