tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: Deploying TOMCAT on live production server
Date Mon, 03 Nov 2003 16:47:41 GMT
It depends. One would argue that tomcat by itself is more secure because
1) Its only one thing to defend
2) Don't need to worry about any apache exploits

OTOH
1) Apache has been hardened - its exploits are rare and when exposed are 
quickly fixed. (Tomcat's eploits are also quickly fixed too)
2) Apache can act as a barrier to prevent exploits from happening in tomcat 
(or exploits written into webapps)

IOW, different strokes for different folks.

-Tim

Steve Jenkins wrote:

> Thanks to one and all for their responses, particularly for the URL:
> http://jakarta.apache.org/tomcat/faq/connectors.html#integrate
> My final question is - is deploying TOMCAT on its' own secure enough? Or is
> deploying just Apache secure enough?



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message