tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Tulley" <>
Subject Re: [OT] Apache and Tomcat together
Date Wed, 14 Jan 2004 17:02:27 GMT
I always think of the security of Apache not in terms of features
provided, but number of eyeballs scrutinizing.  Apache is SO widely used
that I would think it is safe to say that exploits would be found
sooner.  Not enough people using Tomcat use the built-in HTTP stack, and
so I wouldn't rely on it being completely exploit free (though our
confidence level is pretty high, of course).

>>> 1/14/04 3:42:00 AM >>>

"achana" mentioned security. Well, Apache has more HTTP Authentication
than Tomcat does (although JDBC realm can go against any DB). We dons't
Kerberos HTTP Auth (SPNEGO authentication method), which comes in handy
with the 
deployment of Microsoft's Active Directory.


To unsubscribe, e-mail: 
For additional commands, e-mail: 

Jeff Tulley  (
Novell, Inc., The Leading Provider of Net Business Solutions

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message