My understanding is that the folks at SUN really put their backs into it from the beginning: https://stackoverflow.com/questions/479701/does-java-have-buffer-overflows
Since hot spot compilers have matured, Java is virtually as fast as C/++ (the Java is slow argument falls in my deaf ears, even if it is amazingly repeated still today by members of other programming religions). Other proxies/balancers also do threat mitigation (DDOS, flooding, etc). I have written some of my own code to deal with this .. because of the way I handle data and MVC, I have a central place to park all of the heuristics. I bet these heuristics could become robust and maintainable over time. I would be happy to share (would need a little time to isolate and deliver). I have always wondered how difficult it is to have Apache/Tomcat evaluate new projects. Part of this certbot solution requires providing some automated validation for the certbot CSA agent. This code can stand alone, but I have it integrated with some other tools that have also proven helpful. I wonder if I might attract a sponsorship from someone within ASF for my project? I call it DB2DOM.COM - it's a "pseudosingularity" because it is used to extend and maintain itself. Any ideas I'd love to hear them. Have a good one, John On 4/17/19, TurboChargedDad . <linuxhpc...@gmail.com> wrote: > I would have the opposite feeling. I would not want a java process > parked out in the internet. Not saying you're wrong just my personal > feeling. Maybe things have shifted in a different direction over the > year. I do agree that something like that would be helpful to other tomcat > admins. Would you consider putting it into github ? > > Thanks, > J > > On Wed, Apr 17, 2019 at 9:18 AM John Dale <jcdw...@gmail.com> wrote: > >> I have a really nice process that works great with certbot. Single >> command to renew all of my certs and I'm finished. >> >> I get some piece of mind having a Java process guarding the front >> door. Seems to be more impervious to overflows. What am I missing? >> >> I think what I have might be easily developed into something to help >> other Tomcat users. >> >> On 4/17/19, TurboChargedDad . <linuxhpc...@gmail.com> wrote: >> > We terminated SSL above the tomcat layer using NGINX or Apache to >> > avoid >> > the complexities that come with managing a JKS. I want to hear all I >> > can >> > on this subject. >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org