tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Turner, John" <JTur...@AAS.com>
Subject RE: difference between apache and tomcat webserver
Date Fri, 10 Jan 2003 13:03:36 GMT

On UNIX/Linux, ports less than 1024 are privileged ports.  To run a service
on them, you have to run the service as root.  Running services as root is
generally a bad idea:  an exploit like a buffer overflow can allow access to
the operating system via that service, and since the service is running as
root, the exploiter now has root access.

Apache starts up as root, but uses child processes running as a non-root
user with (preferably) very limited access to actually serve HTTP and HTTPS
requests.  Tomcat does not do this, and even though there are security
measures built-in to the JVM, many people do not feel comfortable running
Tomcat as root on a publicly accessible port like port 80.  So, they use
Apache on port 80, and "hide" Tomcat "behind" Apache.  

John


> -----Original Message-----
> From: Deepa Raja [mailto:Deepa.Raja@leeds.orange.co.uk]
> Sent: Friday, January 10, 2003 4:38 AM
> To: Tomcat Users List
> Subject: RE: difference between apache and tomcat webserver
> 
> 
> Hi Julius
> 
> could you please enlighten me on the following line please. 
> 
> 'Feels safer when using port < 1024 on linux/unix.'
> 
> Thanks
> Deepa
> 
> -----Original Message-----
> From: Julius Davies [mailto:juliusdavies@cucbc.com]
> Sent: Thursday, January 09, 2003 10:28 PM
> To: Tomcat Users List
> Cc: jkrp123@yahoo.com
> Subject: RE: difference between apache and tomcat webserver
> 
> 
> 
> krip pane,
> 
> > I was under the impression that apache is needed to
> > serve the jsp pages - looks like not.
> 
> Too many people are under that impression.
> 
> > what is the advantage or disadvantage of
> > installing/using apache as your webserver and
> > installing some connector (i.e. mod_jk) to use with
> > tomcat.
> 
> Advantages of using apache with tomcat:
> 
> - Feels safer when using port < 1024 on linux/unix.
> - Works together very well with lots of other web stuff (cgi, 
> perl, php).
> - All the extra modules, for example: https.
> - Everybody's doin' it.
> 
> Notice that I don't include "speed of serving static files 
> and images".
> This is because, frankly, if you're hosting a dynamic web 
> site, static files
> are the least of your problems.  Tomcat is just as fast at 
> sending a "304 -
> Unmodified" response as Apache is, and that's all that matters.
> 
> Disadvantages of using apache with tomcat:
> 
> - Much, much harder to get everything working.  As you've 
> discovered, it
> takes about 2 minutes to get Tomcat up and running!  You will 
> spend hours,
> if not days, learning to pair Tomcat up with Apache.  At 
> least judging from
> this mailing list.  I've never done it!
> 
> yours,
> 
> 
> Julius Davies, Programmer, CUCBC
> Email: juliusdavies@cucbc.com, Ph: 604.730.6385
> 
> The contents of this message are my own personal opinions, 
> and not those of
> CUCBC.
> 
> 
> > -----Original Message-----
> > From: krip pane [mailto:jkrp123@yahoo.com]
> > Sent: Thursday, January 09, 2003 2:05 PM
> > To: tomcat
> > Subject: difference between apache and tomcat webserver
> > 
> > 
> > All,
> > 
> > I hope I am understanding and asking this answer
> > correctly.  I recently installed tomcat 4.1 with
> > default values and was able to server jsp pages.
> > 
> > I was under the impression that apache is needed to
> > serve the jsp pages - looks like not.  So the question
> > is what is the advantage or disadvantage of
> > installing/using apache as your webserver and
> > installing some connector (i.e. mod_jk) to use with
> > tomcat.
> > 
> > Thanks
> > 
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> > http://mailplus.yahoo.com
> > 
> > --
> > To unsubscribe, e-mail:   
> > <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail: 
> > <mailto:tomcat-user-help@jakarta.apache.org>
> > 
> > 
> 
> --
> To unsubscribe, e-mail:
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:tomcat-user-help@jakarta.apache.org>
> 
> 
> 
> 
> --
> To unsubscribe, e-mail:   
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message