-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Guido,
On 10/31/18 05:14, Jäkel, Guido wrote: >> Has anyone ever attacked one of your web applications? There are >> some fun ways to make an application use a huge amount of memory. >> Just because the applications themselves are behaving doesn't >> mean that all the users are behaving. >> >> For example, do you have a max POST size set for your >> application? If not, I can send your login form a username that >> is so long it might exhaust your heap. 2147483647 characters is a >> LOT of characters. >> >> If you have a max POST size, maybe you don't filter-out PUT >> requests, and have Tomcat parsing those for you. Same problem, >> there. > > Dear Chris, > > But that's no argument for or against running more than one > application per Tomcat: If you're not aware of such things, one > may attack your other Tomcats in the same way because of identical > configuration. Yes and no. Presumably, more than one application means more resources required in general. Since each application might experience "peak" usage simultaneously, you must over-provision *for both*. That actually *helps* you against the kind of attack I proposed (more memory is slightly more difficult to fill than less). On the other hand, each application has different requirements. Perhaps one application needs to be able to accept file uploads while the other one does not. That means that the application which need not accept large POST requests is now vulnerable because of a shared resource 9memory) which the other application can allow attackers to consume. > Of course, if you plan to run a couple of applications per Tomcat, > you may also plan to spread it to more than instance to have a > fail-over or load balancing . But even if you use a HA-cluster > with one App per cluster member: If one is able to crash the > Application by a Request on one cluster member, this might be > repeated on the other members without noteworthy costs. Cascade failures can indeed be a serious problem. It's generally more difficult to crash a Tomcat instance with a single request. It usually requires multiple requests (sometimes concurrently) and so that provides the admin more opportunities at mitigation. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvZykEACgkQHPApP6U8 pFiq+A/8DVWiQY6dZhlclS6IkN/Mah2iyslgpTrqASAO4ZkUf8bj9mZKR/FK0wEn zBJyYz0K4YxZY5HKFn9oVE2WGQOIJAf3FXh/GY1OFb7PtFanU65QS9q7MCj+TmLX D1lMfI4MjXqV6NTZsdPXwstCpKxFZ1MMpC6fjCO1cS3vE9pKYn8+OpUWgsL/e5Jj uqj925911/ZNOUxtibG7E5l9uafadxHhVRa3XYOHzSq6t2+lvQ1NXmMYtDUIyatQ IeMm++HML1RJBIYe38cMyq5IFg+uPkD5wnPHIFcS3kIkGv8nWBAL8xs+QPsEQoRa I+tWoMJ5T5Yd+x8aP7ifHGtRs3PHczl07ZS5MJPwL/TUUaYolEYuvo+nMW0sJ6mX 75G6KBexS2oMww+m6jcBIZy9HEsi9LfZhWrUP71D3z86y6pbJLHqW9WfnfK+UH8B MhOv+++xH6I8sLPPMikvy33Ppt8UfGJneyqOn6DXftw9ri4mXZQLs7XyzQWRjEmF XWaWKWE8XtyVJwgr2S9Dt4HUJiOjMjcG5DhHXossBMwqemh6PYcbe1/LXAsv7t++ 7jOOTgTiBHpgN6Ot5K1Q6qCbs9HvWXQBrDf9ycVsqAejV5gPIFqepoj9iPhFbKd+ Px+s18DcwoB6MgXRT5WtGgEsqRNOScdiC+PrJyzsoGN5MHsHxCI= =GK5X -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
