>
> Sounds cool, but I'll let someone a little more familiar with CGI speak to the
> feasibility in Tomcat. I started out my dynamic-content life with ASP (D'oh!),
> then moved to servlets (Woo-hoo!), so I was rather fortunate in that I got to
> skip the whole CGI nightmare :-)

Good for you. If I really had a choice, I would not include CGI support at
all (isn't Tomcat just supposed to be a servlet container?). I don't know of
anyone who really uses CGI for anything "real" these days. It just sucks for
high performance sites and larger web applications. Now that we have
javax.servlet we don't need no stinkin' CGI. Before servlets I was doing
CGI in C! yuck.

>
> > Currently I'm reviewing the Tomcat sources for embedding a servlet
> > engine in our application. The application is part of a distributed intrusion
> > detection system, which needs some sort of web-based status/admin
> > interface.
>
> Cool! Do you guys have a beta or anything that I could check out yet? I'm
> always interested in checking out software that can help with security!

It is not a product that we are planning to have publicly available,
although we develop it in a commercial release-like fashion. We do have the
software running on about > 100 customer sites now. The company I work for
is Counterpane Internet Security (http://www.counterpane.com), and our
software team builds the tools that provide our monitoring service.  I am
the lead Java guy for the event detection engine that runs on the "sentry"
intrusion detection box (no GUI, no human interface). We have plans to allow
customers to see the status of their network via an https interface.  The
interface will also allow them to chat live with a security analyst (which
we have 24/7).

Right now we've integrated Acme server (and integrated https and login
session support ourselves, which was a royal pain). So, I'm trying to figure
out if we want to continue maintaining (fixing/rewriting?) the Acme server
or scrap it and go to something else. We want code that is small enough to
audit (for security), but functional enough to support servlets and secure
sessions.


