You can search the web until your blue - but the truth is - this is really new territory. I say it mostly depends on your needs. There is nothing foolish about running tomcat standalone. I've set up a few small companies using TC standalone only. Servlets DO handle multiple requests pretty well - depending on their implementation - which you can research since the source is available. :)
The issue of running the process as user x - more or less is a security issue. As such, because it deals with a process running on an operating system, it becomes an operating system security issue. Granted - if TC's security is breached, then it is probably more likely that if you run as root, an intruder could do more damage than a regular generic user could... BUT - that is IF security is breached. TC is pretty solid - in that it lives under the java security umbrella, with it's own security manager, and thus protects from the standard issues that plague M$ software. This doesn't mean it is bug free though - people find stuff all the time - but the finding in beta testing helps protect it when it goes to release. Running TC as another user can add complexity to the configuration - since you have to make sure that the specified user can access resources that the web server may need. Hope that helps... Randy ----- Original Message ----- From: "neal" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Friday, September 06, 2002 6:25 PM Subject: RE: Tomcat standalone Versus Apache > Alright, > > So there's no taboo here that I'm not aware of. It sounds like a lot of > people do run Tomcat with Apache but not all and its simply a matter of what > fits my needs best. So, there are no silver bullet issues (other than > posibly this roon daemon thing) which suggests running Tomcat standalone in > production is foolish, right? > > Thanks. > Neal > > > > -----Original Message----- > From: Randy Secrist [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 06, 2002 2:44 PM > To: Tomcat Users List > Subject: Re: Tomcat standalone Versus Apache > > > I have heard reports, (although never seen actual numbers or data) that > suggest that if you have a lot of static pages for a large site, standalone > Tomcat decreases in performace pretty quickly. That said - Apache has also > been tested and proven with static pages, and has a great system for adding > extentions. As such, many production environments run cgi, php, and other > scripting languages for their web pages. Apache's role as a fully > serviceable http server is much more broad than the http services Tomcat > connectors provide. Tomcat connectors CAN interface with Apache to give jsp > / servlet container abilities to Apache. > > Usually, people run Apache + Tomcat so they can use multiple scripting > languages - since the entire world doesn't use java. While Tomcat does > support cgi (via servlet calls), jsp / servlet containers were not designed > with this explicitly designed as their main role - while Apache was. I have > also never heard of a servlet that imitates php...although someone who never > sleeps at night has probably implemented it. > > Randy > > ----- Original Message ----- > From: "neal" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Friday, September 06, 2002 3:24 PM > Subject: Tomcat standalone Versus Apache > > > > What do most people run for production and why? Tomcat standalone or > Tomcat > > with Apache? And for that matter, isn't the http server for Tomcat > Apache - > > or is it something else? > > > > John Turner mentioned the possible concern with running Tomcat as root. > Are > > there any other concerns? Performance? Security? > > > > Thanks. > > Neal > > > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
