On Mon, 30 Jul 2001, Tim O'Neil wrote:
> At 05:19 PM 7/30/2001, you wrote:
> >Of course, there are many non-performance-related reasons you might be
> >required to use Apache in conjunction with Tomcat (if you need the other
> >functionality that it provides). But, if you don't, you owe it to
> >yourself to see if Tomcat stand-alone runs fast enough before undertaking
> >the extra pain it takes to configure them to run together.
>
> I don't consider it that painful. It's hardly a pain at all.
> It involves adding an include to apache's httpd.conf.
That works until you try a servlet mapping in your web.xml file, or a
security constraint, or a bunch of other things. Current generation
connectors for Apache (but not mod_webapp under Tomcat 4) totally ignore
the contents of the web.xml file, so you have to tediously configure
everything twice.
> You still
> have to do all the configuration stuff in tomcat anyway.
And, in an ideal world, that's all you should ever have to do. More
precisely, you should only have to configure the application once (in
web.xml). But it doesn't normally work that way.
> But I've heard from more than one that Tomcat is faster. So
> there's that. But if security is an issue for you I have a hard
> time believing that Tomcat is as secure as Apache.
>
I'd sure be interested in what metrics you are using to measure "more
secure".
Craig
