Re: Can I get an answer please -- Re: Why integrate Tomcat with aweb server?
I did, last week. In any case, if you have something to ask me directly, you can send me a message off-list. John Nathan Ward wrote: Hello John, I hate to be pushy, but are you going to post a reply to this question at some point? Nathan - Original Message - From: Nathan Ward To: [EMAIL PROTECTED] ; Tomcat Users List Sent: Monday, August 04, 2003 11:05 AM Subject: Why integrate Tomcat with a web server? I have a question for John Turner about a statement in the book Apache Tomcat Security. Page 12 says: "As discussed earlier, running publicly available web services as root or superuser is typically a bad idea, so the solution is to avoid using Tomcat as a stand-alone web server on port 80 by integrating it with a standard HTTP web server such as Apache, Microsoft's IIS, or Sun Microsystem's iPlanet." Question: Does this apply when running under Windows? The reference to "as discussed earlier" talks about running Tomcat as a service with more permissions than necessary. Windows defaults to running services as SYSTEM which has administrator privileges. Fine, but as also mentioned earlier, you can create a user account with less permissions and setup the service to run Tomcat under that account. So, how does the statement on page 12 relate to running Tomcat under windows, i.e. why run Tomcat with IIS rather than just run Tomcat? There may be performance reasons, but from a security point of view, is there increased security risks in running Tomcat without IIS when running as a service under Windows? Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can I get an answer please -- Re: Why integrate Tomcat with aweb server?
That's cool, I was referring more to the second message about being "pushy". ;) John Nathan Ward wrote: Sorry about that John. I must have missed your reply. I'm still figuring out how to effectively use the mailing lists. I wanted to direct the message to you, but I thought it would be useful to others so I wanted to post it here rather than sending it only to you. Nathan - Original Message - From: "John Turner" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Friday, August 08, 2003 9:35 AM Subject: Re: Can I get an answer please -- Re: Why integrate Tomcat with a web server? I did, last week. In any case, if you have something to ask me directly, you can send me a message off-list. John - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can I get an answer please -- Re: Why integrate Tomcat with aweb server?
Past history in lab benchmarks of apache vs *any* java based web server either one would win different tests. For a single user slamming a webserver as fast as it can java webservers sometimes had better throughout. Where apache really starts winning with respect to speed is in the real world environment. We receive many requests from RFC1918 addresses for a public site I maintain. (RFC1918 specifies reserved ip addresses). Also lots of wacky packet conditions occur in the wild too. When those conditions are encountered, apache seems to handle them better than any java based web server. With respect to scalability of concurrent users, apache also usually won too. But that level of scalability is not needed for A LOT of site. The nicest thing about apache (IMO) is allowing you to keep it as a facade in front of your tomcat instances. That way, if you have a misbehaving (or high CPU) webapp - you can move that to another server transparently. It also allows you to use mod_headers, keep a single access log across all instances, and all the other modules out there. -Tim Shawn Zernik wrote: It actually makes since. Most web servers are in native code which is uasually faster, and tomcat is in java. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can I get an answer please -- Re: Why integrate Tomcat with aweb server?
Answered on 08/05/2003, 11:00 AM Eastern. If you want to address me, I suggest putting something in the subject line or sending me a message off-list. A subject line of "why integrate with a web server" is a FAQ that I would normally ignore. John Nathan Ward wrote: Hello John, I hate to be pushy, but are you going to post a reply to this question at some point? Nathan - Original Message - From: Nathan Ward To: [EMAIL PROTECTED] ; Tomcat Users List Sent: Monday, August 04, 2003 11:05 AM Subject: Why integrate Tomcat with a web server? I have a question for John Turner about a statement in the book Apache Tomcat Security. Page 12 says: "As discussed earlier, running publicly available web services as root or superuser is typically a bad idea, so the solution is to avoid using Tomcat as a stand-alone web server on port 80 by integrating it with a standard HTTP web server such as Apache, Microsoft's IIS, or Sun Microsystem's iPlanet." Question: Does this apply when running under Windows? The reference to "as discussed earlier" talks about running Tomcat as a service with more permissions than necessary. Windows defaults to running services as SYSTEM which has administrator privileges. Fine, but as also mentioned earlier, you can create a user account with less permissions and setup the service to run Tomcat under that account. So, how does the statement on page 12 relate to running Tomcat under windows, i.e. why run Tomcat with IIS rather than just run Tomcat? There may be performance reasons, but from a security point of view, is there increased security risks in running Tomcat without IIS when running as a service under Windows? Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can I get an answer please -- Re: Why integrate Tomcat with aweb server?
Agreed. John Noel J. Bergman wrote: Nathan, There are many facets to the subject, but if all you don't mind running all of your domains in one process, have no need for load balancing, no need for non-Tomcat features, etc., then running Tomcat directly is probably fine. Historically (and structurally), Tomcat should prove more secure than an IIS frontend. --- Noel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can I get an answer please -- Re: Why integrate Tomcat with aweb server?
Hi, I agree. That is what I have always read and I think it's a wide conception that is out there. If this isn't true could someone enlighten us? -e On Fri, 8 Aug 2003, Rick Roberts wrote: > Of course not. I'm only regergitating stuff I have read. But I have seen it > from several different sources, so I took it as truth. Do you have benchmarks > to prove otherwise? > > -- > *** > * Rick Roberts* > * Advanced Information Technologies, Inc. * > * http://www.ait-web.com * > *** > Shapira, Yoav wrote: > > Howdy, > > > > > >>Because a web server serves static content (html, images, etc.) much > > > > faster > > > >>than tomcat will. > > > > > > Really? Do you have a benchmark using tomcat 4.1.x that supports the > > above? > > > > Yoav Shapira > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can I get an answer please -- Re: Why integrate Tomcat with aweb server?
Of course not. I'm only regergitating stuff I have read. But I have seen it from several different sources, so I took it as truth. Do you have benchmarks to prove otherwise? -- *** * Rick Roberts* * Advanced Information Technologies, Inc. * * http://www.ait-web.com * *** Shapira, Yoav wrote: Howdy, Because a web server serves static content (html, images, etc.) much faster than tomcat will. Really? Do you have a benchmark using tomcat 4.1.x that supports the above? Yoav Shapira - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can I get an answer please -- Re: Why integrate Tomcat with aweb server?
Because a web server serves static content (html, images, etc.) much faster than tomcat will. Nathan Ward wrote: Hello John, I hate to be pushy, but are you going to post a reply to this question at some point? Nathan - Original Message - From: Nathan Ward To: [EMAIL PROTECTED] ; Tomcat Users List Sent: Monday, August 04, 2003 11:05 AM Subject: Why integrate Tomcat with a web server? I have a question for John Turner about a statement in the book Apache Tomcat Security. Page 12 says: "As discussed earlier, running publicly available web services as root or superuser is typically a bad idea, so the solution is to avoid using Tomcat as a stand-alone web server on port 80 by integrating it with a standard HTTP web server such as Apache, Microsoft's IIS, or Sun Microsystem's iPlanet." Question: Does this apply when running under Windows? The reference to "as discussed earlier" talks about running Tomcat as a service with more permissions than necessary. Windows defaults to running services as SYSTEM which has administrator privileges. Fine, but as also mentioned earlier, you can create a user account with less permissions and setup the service to run Tomcat under that account. So, how does the statement on page 12 relate to running Tomcat under windows, i.e. why run Tomcat with IIS rather than just run Tomcat? There may be performance reasons, but from a security point of view, is there increased security risks in running Tomcat without IIS when running as a service under Windows? Nathan -- *** * Rick Roberts* * Advanced Information Technologies, Inc. * * http://www.ait-web.com * *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
