I won't argue with no. 1 since I don't use SSL connectors in Tomcat. However, no. 2 can be mitigated with the commons-daemon project among other tricks and IMHO, not a valid argument against having Tomcat out front.
Just my thoughts on the subject. :-) -David Mark wrote: >I was very interested in the discussion concerning Apache vs Tomcat >WRT Performance. While I cannot argue with the performance numbers, I >do like putting Apache in front of Tomcat for 2 reasons that I have >found so far. > >1. SSL. If I am going to be serving pages whether they be dynamic or >static, I think Apache handles the SSL communications and key storage >better. In tests that I have run, the crypto that needs to be done to >support SSL is faster in C than Java. Also, Tomcat stores any key >information in a flat file, where Apache will prompt for a password on >startup. Now some administrators might like this better, because >Tomcat will then start automatically at boot time, I would not want >any password of mine sitting in the clear in a test file. >2. If you are hosting your site using port 80 on Unix boxes this means >running Tomcat as root. I can think of very few reasons why Tomcat >needs to be run as root. Apache has the ability to 'downgrade' user >privileges once Apache is started. > >Please do not think that I am bashing Tomcat, juts pointing out some >interesting findings that I have come across over time. I have been a >supporter and user of tomcat back to the 3.x days and will continue. > >Thank you. > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > -- ======================================= David Smith Network Operations Supervisor Department of Entomology College of Agriculture & Life Sciences Cornell University 2132 Comstock Hall Ithaca, NY 14853 Phone: 607.255.9571 Fax: 607.255.0939 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]