tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Tangney <jtang...@knowledgeplanet.com>
Subject Singleton Revisited
Date Tue, 15 Aug 2000 21:39:38 GMT
I know this topic has been discussed at length, and yes, I have scoured the
archives. But I still have questions.

Exactly *how* dangerous is it to use a static (to implement the singleton
pattern) in a JSP/Servlet environment? In the thread on this subject from
last April 
(http://archives.java.sun.com/cgi-bin/wa?A2=ind0004&L=jsp-interest&P=R16455&
D=0&m=12686ITEM+ITEM+) various learned folks, including Craig, Kevin and Wes
et al. seem to be in agreement that if you don't "own" the VM, are likely to
get into trouble.

Trouble, it seems, comes in several flavors: 1) Your "singleton" gets GC'd;
2) multiple instances of the "singleton" can get made as more than one class
loader and/or VM are involved; or 3) an instance shared across more than one
application opens potential security holes.

My question is just how bad is this? I have a single application (using
Craig's struts f/w) comprised of 2 or 3 servlets, we run under tomcat
(eventually under apache) and no one else runs any servlets on that host. We
run under JDK1.3.

How vulnerable am I? It seems to me that I can probably forge ahead and use
the singleton pattern with impunity. Has anyone had any *first hand*
problems with singletons?

Thanks!
--johnt


Mime
View raw message