F4ded removed a comment on pull request #484: URL: https://github.com/apache/tomcat/pull/484#issuecomment-1071971332
> I think that the feature that this PR tries to remove may protect Tomcat from a DOS attack. > > Consider, that an instance of Apache Tomcat is running in production and has a JSP that fails to compile. Does every request trigger a recompilation, or only one in 4 seconds? How much load does it cause? > > The docs suggest to turn off recompilation of JSPs when running in production, but many people do not bother to change their configuration. So a DOS is a concern. > > If this PR is closed in anticipation of a different fix, I think it may be good to file this as an issue (enhancement request) into Bugzilla. > > Regarding the patch itself, line 451 in Compiler.java: I think that the "jsw.getCompileException() == null" check is cheaper than a "System.currentTimeMillis()" call and thus should come first. I seem to realize the problem with this commit, if a jsp file is modified to have a syntax error, after adding `jsw.getCompileException() == null`, the func `isOutdated` will always return true, so every request will trigger a recompilation, which will take up some resources. There might be a better solution, I will try it later. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
