tomcat-users mailing list archives

From Peter Crowther <Peter.Crowt...@melandra.com>
Subject RE: redirection
Date Wed, 01 Apr 2009 14:22:06 GMT
> From: fredk2 [mailto:fredk2@gmail.com]
> I would be better...The Apache httpd web server is more
> versatile

Irrelevant to this problem.

> and its vulnerabilities are better researched.

References for that assertion?  I'm not disagreeing, I'd just be interested in the hard data.

> You can also add mod_security and other modules to further
> protect the Tomcat against common attacks (assuming you do
> not use a WAF firewall).

And, indeed, that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat.

> Furthermore you can add more Tomcats and
> balance when needed...

Irrelevant to this problem, though I agree with you in the general case.

> also on Unix if you do not use jsvc or iptables you
> need to run Tomcat as root for port 80 which is not a good
> idea...etc...

True, but that's like saying "if you do not have a lock on your front door, your front door will not be locked which is not a good idea."  Why would anyone *not* run using jsvc or iptables?

                - Peter
