Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Date: Fri, 22 Mar 2002 13:13:36 -0800 (PST)
From: <costinm@covalent.net>
To: Tomcat Developers List <tomcat-dev@jakarta.apache.org>
Subject: Re: [VOTE] Tomcat 4.0.4 Beta 2 / Coyote 1.0 Beta 4 release
In-Reply-To: <001001c1d1d8$8116a2d0$64859181@apache.org>
Message-ID: <Pine.LNX.4.33.0203221310140.13075-100000@localhost.localdomain>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 22 Mar 2002, Remy Maucherat wrote:

> > > below). The Coyote connector will *not* be enabled by default, but will
> > > appear commented out in the default server.xml configuration file.
> >
> > +1 on enabling it by default, commenting out the old connector.
> 
> I didn't propose to do that, because, although the new connector appears
> robust and stable, there's the risk that it would have new bugs, or, even
> worse, (re)introduce some security problems. I took great care of adding all
> the URL normalization code from the old connector, so that it shouldn't
> happen, but I'd say it would still be a significant risk to make it the
> default without some extensive beta period. Since there will be such a beta
> period for 4.1, I think it is a lot safer to postpone making it the default
> for now.
> 
> Comments ?

The code is clearly better and cleaner than the old connector, that means 
more maintainable and easier to fix and review - if there's any problem. 
And cleaner code is usually more secure :-)

But I agree it's safer to do it gradually, however I hope 4.0.5 and 
3.3.2 will have coyote as the default connector.


Costin


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>