tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: Tomcat as a standalone webserver. Why not?
Date Sat, 03 Jun 2006 13:11:17 GMT

On Jun 2, 2006, at 12:19 PM, Remy Maucherat wrote:

> On 6/2/06, Jim Jagielski <jim@jagunet.com> wrote:
>> IMO, if you need to move out of "pure Java" in your Java Web
>> Server to get acceptable performance, then why use it in
>> the first place? Plus, if you are "concerned" about the
>> security of Apache (cause it's nasty C) and therefore
>> want to use a Java Web Server, then using JNI means
>> you've left that warm and safe place, since you are
>> no longer "safe" in a pure Java environment.
>>
>> Web Servers are web servers primarily, focused on
>> HTTP, compliance, speed and capability. Use the
>> right tool for the right job :)
>
> We know what your company recommends, thank you very much :)

What company is that?... jaguNET? And who brought
companies into this? *I* recommend using web servers
for web server functions. Or are you someone implying
that every post by anyone is somehow a post by some
corporate shill? If so, that's a pretty paranoid
and sad point of view.

>
> Do you also mean to imply that the network code in the JVM is not
> native, and cannot have any security problem, etc ? Using APR replaces
> that native code and uses the one from the ASF instead.
>

Why do people program in Java? Because it's "safe", meaning
you can't have buffer overflows, etc... When you pull
in native C (outside of the JVM), you lose all that nice
safety that is *PART* of the JVM and Java itself. Someone
mentioned that they didn't want to have "Apache" in there
because it wasn't as secure as TC (presumably because [1]
it's used more often and therefore a bigger target and
[2] that it's written in C and therefore more prone
to coding errors that cause security risks), and the
above point directly responds to that thought.

If you "trust" APR, then you should also "trust" HTTPD :)

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message