tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregor Schneider" <rc4...@googlemail.com>
Subject Re: Securing Tomcat Article for Review
Date Wed, 10 Jan 2007 10:49:11 GMT
Hi Leon,

On 1/10/07, Leon Rosenberg <rosenberg.leon@googlemail.com> wrote:
> > In *our* scenario I rather have Apache http in front because
> >
> > - it performs better
>
> What?
> You can argue that httpd doesn't decrease security, but talking about
> it being fast??? Come'on you're kidding :-)
>
Sorry, but I don't get you here: How refers speed to security? Could
you pls explain what you mean here?

> Could you explain this a little more? How can it be that if you write
> out something from memory it's slower than ask the filesystem which
> could eventually have it in cache and be comparable fast in _best_
> case?
>
Simple:
Since our static html doesn't change too often, we could reach
significant perfomance-optimizations with optimized headers telling
the client how to cache.
Well, and mod_headers did a better job regarding performance than
using plain Tomcat with a filter modifying the headers of static html.
>
> Or do you use DefaultServlet???
>
Now you must be kidding ;)
>
> Also, if you care about static performance so much, why don't you use
> something fast? lighttpd? squid? I mean it's not a secret that apache
> httpd is NOT fast.
>
I can't explain our whole web-app in detail here, just that much:
We've developed our own SSO-procedure (since the whole wep-app
contains protected content served over SSL to authenticated users
only). It was just easier for us to use the combination of Apache
httpd and Tomcat since there's quite some stuff available.
Since now the performance meets our expectations, there's no need to
use other web-servers like squid.
besides, we got quite some knowledge regarding Apache here, so why
should we dump that (a matter of cost)?

Cheers

Greg
-- 
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message