----- Original Message -----
>
> It's an experimental feature which is available in our CVS source tree...
> You might want to check out the "service" directory in the
> "jakarta-tomcat-4.0" CVS repository.
Ah! I see it. Nice.
>
> > Currently I'm reviewing the Tomcat sources for embedding a servlet
engine in
> > our application. The application is part of a distributed intrusion
> > detection system, which needs some sort of web-based status/admin
interface.
>
> Cool, check out Tomcat 4.0's Embedded classes in the o.a.catalina.startup
> package. It'll help.
Thanks for the pointer. "o.a" is short for "org.apache"?
What I was really wanting to evaluate was how you guys are managing
"sessions" and how sessions information could possibly leak out via the
filesystem, memory, or other ways. The application we are running runs in a
hostile environment (remote offices, may or may not have firewall, etc). For
example, some webservers had an example servlet installed that when invoked,
you'd see a list of current session IDs. Very bad (session hijacking).
>
> > As for contributing to Tomcat, I'm not sure what needs to be done (bug
> > fixing? testing? code review? refactoring?). I'm assuming that the TODO
list
> > is maintained in CVS? Is there any other software architecture
documentation
> > besides what's on the jakarta website and the sources?
>
> Err... We don't have a TODO list... :) At least so far for 4.0 :) I'll try
> to manage to do something for the WebApp module and the Service code.
>
I think i'll browse the sources for now :-)
> Pier
