This is an interesting discussion. Are there any guides to alleviating 
management work of such deployments? For example, how do you deal with the port 
mapping? Or logs - do you collect at a common location or let each app log in 
its corner? Can you share configuration across instances such as SSL, JNDI 
configuration, etc.? Any blogs on such an approach?

-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net> 
Sent: Wednesday, October 31, 2018 9:29 AM
To: users@tomcat.apache.org
Subject: Re: Number of Web Applications in one Tomcat: THANKS!

Guido,

On 10/31/18 05:14, Jäkel, Guido wrote:
>> Has anyone ever attacked one of your web applications? There are some 
>> fun ways to make an application use a huge amount of memory.
>> Just because the applications themselves are behaving doesn't mean 
>> that all the users are behaving.
>> 
>> For example, do you have a max POST size set for your application? If 
>> not, I can send your login form a username that is so long it might 
>> exhaust your heap. 2147483647 characters is a LOT of characters.
>> 
>> If you have a max POST size, maybe you don't filter-out PUT requests, 
>> and have Tomcat parsing those for you. Same problem, there.
> 
> Dear Chris,
> 
> But that's no argument for or against running more than one 
> application per Tomcat: If you're not aware of such things, one may 
> attack your other Tomcats in the same way because of identical 
> configuration.

Yes and no.

Presumably, more than one application means more resources required in general. 
Since each application might experience "peak" usage simultaneously, you must 
over-provision *for both*. That actually *helps* you against the kind of attack 
I proposed (more memory is slightly more difficult to fill than less).

On the other hand, each application has different requirements.
Perhaps one application needs to be able to accept file uploads while the other 
one does not. That means that the application which need not accept large POST 
requests is now vulnerable because of a shared resource (memory) which the 
other application can allow attackers to consume.

> Of course, if you plan to run a couple of applications per Tomcat, you 
> may also plan to spread it to more than one instance to have fail-over 
> or load balancing. But even if you use an HA cluster with one app per 
> cluster member: if one is able to crash the application by a request 
> on one cluster member, this might be repeated on the other members 
> without noteworthy costs.

Cascade failures can indeed be a serious problem.

It's generally more difficult to crash a Tomcat instance with a single request. 
It usually requires multiple requests (sometimes concurrently) and so that 
provides the admin more opportunities at mitigation.

-chris
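An added example, not code from this thread or from Tomcat, of the per-application limit Chris's point implies. The Connector's maxPostSize is shared by every application on the instance and only governs form-parameter parsing, whereas a Filter registered in one application's web.xml can cap the body of any method, PUT included, at a limit chosen for that application alone. It assumes a Servlet 3.1 container (Tomcat 8 or later) and an init-param named maxBytes; both the class and parameter names are this example's own.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Per-application request body cap applied to every HTTP method (POST, PUT, PATCH, ...). */
public class MaxBodySizeFilter implements Filter {
    private long maxBytes = 65536; // default 64 KiB; override with init-param "maxBytes" (hypothetical name)

    @Override public void init(FilterConfig cfg) {
        String p = cfg.getInitParameter("maxBytes");
        if (p != null) maxBytes = Long.parseLong(p.trim());
    }
    @Override public void destroy() {}

    @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Fast reject: a declared Content-Length already over the limit never reaches the app.
        if (http.getContentLengthLong() > maxBytes) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        // Chunked bodies carry no Content-Length (-1), so cap the stream while the app reads it.
        // Note: getParameter() still goes through Tomcat's own stream, governed by maxPostSize.
        final long limit = maxBytes;
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override public ServletInputStream getInputStream() throws IOException {
                return new CappedStream(super.getInputStream(), limit);
            }
        }, res);
    }

    /** ServletInputStream that fails once more than 'limit' bytes have been consumed. */
    static final class CappedStream extends ServletInputStream {
        private final ServletInputStream in; private final long limit; private long seen;
        CappedStream(ServletInputStream in, long limit) { this.in = in; this.limit = limit; }
        @Override public int read() throws IOException {
            int b = in.read();
            if (b != -1 && ++seen > limit) throw new IOException("request body exceeds " + limit + " bytes");
            return b;
        }
        @Override public int read(byte[] buf, int off, int len) throws IOException {
            int n = in.read(buf, off, len);
            if (n > 0 && (seen += n) > limit) throw new IOException("request body exceeds " + limit + " bytes");
            return n;
        }
        @Override public boolean isFinished() { return in.isFinished(); }
        @Override public boolean isReady() { return in.isReady(); }
        @Override public void setReadListener(ReadListener l) { in.setReadListener(l); }
    }
}
```

Map the filter to /* in the web.xml of the application that should never receive large bodies, and leave the upload-capable application with its own, higher maxBytes; the Connector's maxPostSize then remains the instance-wide ceiling for form parsing.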

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
