Re: Is web server in front of app server necessary?

On 3/15/2010 8:52 PM, 夏蒸鑫 wrote:
> Maybe, I don't know.
> But there is one point that we must believe.
> That is, tomcat's stable version is more secure than devel version of httpd.

Really?

You have over a century, perhaps 2 centuries of security experience among the
experts who monitor httpd commits, and that is only the core developers who aren't
out to profit over httpd's flaws to become blips on the httpd radar.  Hundreds of
researchers are watching httpd commits for the opportunity to say 'gotcha', and
hundreds more for the opportunity to quietly exploit a vulnerability.

It will be nice once the tomcat project grows to such proactive oversight.

All that said, neither is 'better'; the advantage of running httpd in front of
a tomcat server is that one is likely to avert an exploit in the other, due to the
fact that you have two sets of parsers in place, each rejecting bogus requests, so
the chances of a defect in one server showing up are significantly minimized.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
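
The layout described in the last paragraph of the message above, as an added configuration sketch that is not part of the original post: httpd is the only listener clients can reach, parses and bounds every request itself, and forwards a single path to Tomcat. The server name, the `/app/` path, the backend port 8080 and the limit values are assumptions chosen for illustration.

```apache
# Front-end httpd (2.4.24 or later for HttpProtocolOptions).
# Assumes mod_proxy and mod_proxy_http are loaded.
# Assumption: Tomcat's HTTP connector is bound to 127.0.0.1:8080 only,
# so every client request has to pass through httpd's parser first.

<VirtualHost *:80>
    ServerName app.example.test

    # First parser: reject requests that do not conform to the HTTP
    # grammar before anything is forwarded to the backend.
    HttpProtocolOptions Strict

    # Bound request size so oversized request lines or header blocks
    # are refused here instead of reaching Tomcat's parser.
    LimitRequestLine      4094
    LimitRequestFields    50
    LimitRequestFieldSize 4094

    # Keep encoded path separators from reaching the backend, where
    # the second parser might decode them differently.
    AllowEncodedSlashes Off

    # Refuse TRACE at the front end.
    TraceEnable Off

    # Act as a reverse proxy only, never as a forward proxy.
    ProxyRequests Off

    # Forward only the application path; anything else is answered
    # (or refused) by httpd and never touches Tomcat.
    ProxyPass        "/app/" "http://127.0.0.1:8080/app/"
    ProxyPassReverse "/app/" "http://127.0.0.1:8080/app/"
</VirtualHost>
```

A request then has to be accepted by both parsers: httpd's on the way in, and Tomcat's once it is forwarded.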

