tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: Tomcat as a standalone webserver. Why not?
Date Sat, 03 Jun 2006 13:11:17 GMT

On Jun 2, 2006, at 12:19 PM, Remy Maucherat wrote:

> On 6/2/06, Jim Jagielski <> wrote:
>> IMO, if you need to move out of "pure Java" in your Java Web
>> Server to get acceptable performance, then why use it in
>> the first place? Plus, if you are "concerned" about the
>> security of Apache (cause it's nasty C) and therefore
>> want to use a Java Web Server, then using JNI means
>> you've left that warm and safe place, since you are
>> no longer "safe" in a pure Java environment.
>> Web Servers are web servers primarily, focused on
>> HTTP, compliance, speed and capability. Use the
>> right tool for the right job :)
> We know what your company recommends, thank you very much :)

What company is that?... jaguNET? And who brought
companies into this? *I* recommend using web servers
for web server functions. Or are you someone implying
that every post by anyone is somehow a post by some
corporate shill? If so, that's a pretty paranoid
and sad point of view.

> Do you also mean to imply that the network code in the JVM is not
> native, and cannot have any security problem, etc ? Using APR replaces
> that native code and uses the one from the ASF instead.

Why do people program in Java? Because it's "safe", meaning
you can't have buffer overflows, etc... When you pull
in native C (outside of the JVM), you lose all that nice
safety that is *PART* of the JVM and Java itself. Someone
mentioned that they didn't want to have "Apache" in there
because it wasn't as secure as TC (presumably because [1]
it's used more often and therefore a bigger target and
[2] that it's written in C and therefore more prone
to coding errors that cause security risks), and the
above point directly responds to that thought.

If you "trust" APR, then you should also "trust" HTTPD :)

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message