tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <>
Subject Re: Lutris_Kelp: [Fwd: What Do We Do With The User's Classpath?]
Date Thu, 20 Jul 2000 02:39:42 GMT
> > - sysadmin upgrades the database and the driver
> > - All apps including FooBar driver will no longer work in Catalina,
> > because they use a (now) wrong driver.
> >
> But the sysadmin can know what apps he/she installed, and what libraries they have
> included, just be looking.  How does the *sysadmin* know that this particular app
> will work right with the new driver?  Seems like the smart admins would go back to
> the web app provider and ask ... and pull the now useless drivers from WEB-INF/lib
> if the app developer says yes.

If you run 3 applications, maybe.

If you run a server with 1000 apps ( like an ISP ) - you don't.

Same for application developer - if he design apps for his own small server - no
problem. If he writes apps that will run anywhere - he can't know even what database
will exist in the server !

- security issues:  drivers _need_ aditional permission, a big server can't grant them
on individual apps ( as soon as you implement policy-based security you'll know what
I'm talking about )

- more security issues: the VM and sandbox is tested with a certain ordering. There
are more than one way to access a class ( introspection, indirect via a different
class, etc). But that's not a big problem for tomcat since it is protected by facade,
it is still a problem who believe are secured by classloader. ( BTW, jdk1.3 adds some
more on this, and the direction seems clear )

- administration issues: a web server is supposed to run multiple applications (
and you can't change all apps when you upgrade the database.

> > It is more likely because (IMHO) the sysadmin knows better than the web
> > app developer what database it wants to use for his server and what is
> > the right driver.
> >
> > Another problem ( I repeated this case few times, it seems nobody reads my
> > mails :-( ) - you may have a database like Oracle where a native driver
> > exists and ( as Oracle claims) it's faster.
> >
> Oh your mails get read and analyzed all right.  It's just that there is more than
> one use case that you have to design servers and APIs for.  The class loader
> issues with Tomcat (which currently follows the "system class path first"
> approach) are proof enough that this is not optimal for everyone.

"system class path first" is followed by J2EE and most other apps around, and it's the
"safe" order ( i.e. tested ). It may be that all those people are wrong, of course.

> >
> > Not to mention that the webapp developer have no idea where the
> > application will run - it can be any server or any application.
> >
> And if you don't give the app developer control of the runtime dependencies of
> their app, they have no way to predict whether the app will run on any given
> server.

So who knows better what database run on a server - the webapp developer or the server
admin ? Who knows better what driver to use ?

Looking at how J2EE works, I guess the answer is not allways the one you sugest.

> Microsoft is finally learning the about the damage caused by DLL hell -- let's not
> recreate (or perpetuate) the same types of problems here.

So, a server where each application has its own set of DLLs is a better solution ?


View raw message