Brock Noland wrote: > Greetings, > > Many people are using pound ( http://www.apsis.ch/pound/ ) to proxy > traffic from port 443 to another port using the local interface. > > > i've used pound to greatly expand the capacity of single threaded java webserver on a 8core system. very slick. unwrapping the ssl traffic to pass onto non-ssled webservers does slightly increase your exposure. If at some point a root exploit or privilege escalation was discovered in your system it would make it easier for an attacker to sniff the traffic. (ok, so i have never actually tried to sniff on lo, but i imagine it would work) yep, i just tried and i was able to capture my local nfs traffic. It really does depend on how much you trust the local machine, for a secure webserver there should not be such a thing a local user other than the one you use to admin the server, there also should be a strong firewall protecting you both ways limiting access.