> From: Markus Mehrwald [mailto:mmehrw...@gmx.at] > Subject: Re: mod_jk file not found > > First of all it would not be possible to run Tomcat as > user because it should listen on port 80/443.
Easily solved: http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F > Additionally we can use mod_security to precheck requests > delivered to tomcat to remove use- and sensless requests > and minimise the risk of attacks. Why do you think httpd is less susceptible to attacks than Tomcat is? Adding complexity usually increases risk, not the other way around. > The second thing is that apache is faster with delivering static files Definitely not true, and hasn't been for some years. Several performance studies demonstrate they are essentially equivalent (as they should be, since the APR connector is the same code that httpd uses). Even when not using APR, the non-SSL times are very close, with Tomcat ahead in some circumstances, httpd in others. > Third thing is if something happens to tomcat we are still able to > display a please-come-back-later-site with apache. And if something happens to httpd? What httpd is useful for is running PHP or other CGI mechanisms, and as a poor man's load balancer. The world has changed quite a bit since the Tomcat 4 days. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
