I share David's frustration. One of the things that attracted me to Restlet
in the first place was the hope that I could throw away all the other
processes and do everything in the JVM. Why couldn't I put whatever
throttling/defensive logic (that I would otherwise have to put in a separate
process) right into the Restlet Component? Is a Restlet Component inherently
"vulnerable" as Tal puts it, or is it just that no one has provided the
right defensive Restlet Filter so far?

--tim

On Fri, Sep 24, 2010 at 2:24 AM, David Fogel <[email protected]> wrote:

> Hi Tal, William-
>
> Thanks for your feedback!
>
> Regarding putting the JVM behind Apache or some other proxy: well,
> we're likely to have to use a load-balancer soon, but aside from that,
> I find it frustrating to put something in front of the JVM- shouldn't
> Java web servers be considered just as robust and fast as ones written
> in C or something else?  It's not like Java web servers are
> inefficient CGI scripts or something, yet everyone is always saying to
> stick things in front of them.  I'm not suggesting this is wrong, just
> that it's frustrating :-)
>
> Wouldn't it be nice if products like Jetty, Simple, etc had
> appropriate built-in features to combat various misuse?  It seems like
> if they're serious about being web servers, they should consider these
> features to be important.
>
> Anyhow, I'll probably try to block a few things at the Simple or
> Restlet Filter level, just to make myself feel better...
>
> thanks,
> Dave Fogel
>
> ------------------------------------------------------
>
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2663951
>

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2664269
