tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: POST replication
Date Wed, 18 Nov 2009 19:43:22 GMT
> From: João Nuno Silva [mailto:jnss81@gmail.com]
> Subject: Re: POST replication
> 
> 1) I want to have an authentication module that's independent of the
> servlet container used (because I think this behavior of request replay
> isn't a standard, but I might be wrong...);

The servlet spec requires that the container retain the original request so it can be replayed
if authentication succeeds.

> 2) I believe I can better optimize session creation to reduce memory
> usage (because I won't save the previous request in session).

It doesn't really matter where you save the request; it will still consume the same amount
of heap space unless you slow things down by writing it to disk (and thereby create a host
of other problems for the normal path).

> I think this way I can be more tolerable to DoS attacks from 
> unauthenticated users;

I don't see how that follows.

> 3) I'm learning a few things in the process of reinventing this wheel ;)

That one I'll buy.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

Mime
View raw message