[inline]
Antony Paul wrote:
1, Is there any security threat for Tomcat 4.1 series. I am using Tomcat
4.1.27 for development. What is the history of Tomcat in this regard. Is
Tomcat vulnerable to any remote exploitation issues provided that the
application is well written. I want to collect some arguments to favour Java
and Tomcat.
None that anyone is aware of.
2, Any documentation on how servlet container is creating multiple instances
of same HttpServlet without implementing Runnable interface. At least
provide some links to docs or books which teaches threading issues in
servlet. It is only for a curiousity. I am only an application developer. I
want to improve my knowledge in servlet technology.
See the Servlet spec. I can't recommend any books.
3, How to test a servlet for threading issues.
3, Is there anything wrong in implementing logic in service method in a
class which extends HttpServlet. What will happen if a doHead and other
requests are send to it. How to simulate a doHead,doTrace etc.. request ?. I
got some info at http://www.jguru.com/faq/view.jsp?EID=8824
You are supposed to extend HttpServlet, then implement doHead(...),
doGet(...) or appropriate. If a method is not implemented, an NOT IMPLEMENTED
should get returned.
4, Is it possible to synchronise a block of code in a servlet. I mean only
one thread of the same servlet execute the same portion of code at a time
and completes execution. I dont want to implement SingleThreadModel and
there is only one name in web.xml pointing to same servlet class. I have an
idea. Is this right.
Create a synchronised block which synchronised on the class.
synchronized(AlertServlet.class){
---
}
My purpose is to synchronize database access. The application dont have
a heavy load.
Yes - but this may cause bad side effects. For concurrent programming, many
like Doug Lea's books.
5, Is it secure to transfer a request and response to another object which
is created in the service method of a servlet ?. I believe it is a safe
approach. I think Struts is doing this.
Secure - sure. Wise - depends. (On too many variables based on the writeup)
If using some MVC models, like struts, turbine, - then all is OK.
6, I have seen that Tomcat not shutting down the threads which are active
when shut down command is issued. I used to kill Tomcat in such conditions.
Does Tomcat will ever kill this threads if they are not completed execution.
What criteria is used in such cases.
Tomcat is a JVM process. Like any JVM, it only terminates when only daemon
threads are running.
7, In Tomcat 4.0.x series there is one file catalina.out which prints the
number of active Httpprocessor active(I think it is number of threads) ut it
is not found in 4.1 series. Is there any way to get this log file in 4.1. I
also want to writing to this log mailed to me when the no. of HttpProcessors
exceeds a limit without tweaking Tomcat code.
This may be in the catalina_XXX files. Not sure about this one.
-Tim
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]