> From: Dale Ogilvie [mailto:dale_ogil...@trimble.com] > Subject: Buggy java native call kills tomcat
> My question: can we protect ourselves from total instance failure, i.e. > restrict the damage to the death of just the app calling the native > library? Is there a way to make the tomcat VM survive a badly written > native component? Simple answer: nope. In a Windows or Linux environment, native code has full access to the entire address space of the process, and can therefore scribble over anything it feels like, corrupting the JVM. In general, you should try to avoid native code called from Java like the plague; not doing so means you might as well write in C (or worse, C++). If you must use native code, running it in a separate process and communicating with it via pipes or sockets is much safer, but then you have to deal with timeouts and other error recovery issues. Another option is to run a webapp that uses native code in a separate Tomcat instance (using a different port), and forward requests to it from the primary Tomcat. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org