> From: fredk2 [mailto:fre...@gmail.com] > Subject: RE: redirection > > The apache httpd web server is more versatile
Additional versatility is worthless if not needed; from a security perspective it merely provides more opportunities for abuse. > its vulnerabilities are better researched Evidence, please? Just because httpd has been around longer does not necessarily mean it is more secure. Besides, since the previously suggested arrangement was to forward all requests to Tomcat, httpd security is of no interest. > (assuming you do not use a WAF firewall) If you're not using a firewall, you're simply asking for trouble. > Furthermore you can add more Tomcats and balance when needed Performance was not a topic of discussion; even if it were, there are much superior load balancers available (although they do have a cost). > on unix if you do not use jsvc or iptable you need to run > tomcat as root for port 80 which is not a good idea No one ever suggested running Tomcat as root. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
