On 1/10/07, Gregor Schneider <[EMAIL PROTECTED]> wrote:
Hi Leon,
On 1/10/07, Leon Rosenberg <[EMAIL PROTECTED]> wrote:
>
> Aehm,
> the original thread was about security, and now you wrote "performs"
> better, which I assumed referred to "performance". If not - my fault
> :-)
>
Well, we moved kinda of-topic here, sou you got me right.
kind of :-)
What I actually wanted to say was:
- I absolutely agree to Markus who said
* don't use software if there's no need for it
* don't try to use Apache httpd to enhance Tomcat's security
However, I just wanted to emphesize that Apache/httpd / Tomcat is
quite a common real-world-scenario and due to this nobody should worry
that Apache httpd is BREAKING Tomcat's security AS LONG YOU KNOW YOUR
WAYS ROUND.
After that, I was asked why using Apache httpd anyways, and I tried to
explain why (because *here* it performs faster)
Actually, on my private server I do use an apache in front of 3
webcontainers (2 of them resin, one tomcat), but I have my reasons :-)
Mainly because I wanted all three to be accessable at port 80. And
because my sysadmin knows how to configure httpd, but not tomcat, and
his rate are lower than mine are, so its effectively cheaper:-)
So I'm not saying (and wasn't saying either) that there are NO REASONS
to run apache httpd with tomcat, but if you remember how this thread
started, the author of the article and OP suggested in his article to
put an apache / iis in front of tomcat to INCREASE security, and this
was imo a false thought.
I think we both now can agree that there are millions of absolutely
valid reasons
to run a httpd-tomcat combination, but that security isn't among them :-)
Ok?
> >
>
> Do you hold the content of the pages in memory and stream them out
> from your servlet?
> Maybe I'm getting it completely wrong, but imo your servlet is a 3
> liner (simplified version):
> doGet(req,res){
> res.setHeader(....);
> res.getOutputStream().write(Cache.getFileContent(getFileName(req)));
> res.getOutputStream().close();
> }
>
Due to the number of our html/js-files we cannot hold them completely
in memory. With the principle of the filter you're right.
We tested this version (Tomcat/HeaderFilter) against
Apache/mod_headers, and Apache simply performed faster
hmm, haven't you said you have 300.000 files? I don't know how large
your files actually are, but assuming 100K a fairly large size you 'll
need ~30 Gb of RAM to cache them all. Now a machine with 32 Gb of RAM
is pretty cheap nowerdays, so why not cache them?
>
> That's an argument I'm buying :-)
>
I know, this is a Tomcat mailing-list here, and I shouted "Jehova",
but guys, believe me, sometimes it's quite enlightening taking a look
over the fence ;)
Cheers
greg
Regards
Leon
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
