On Jun 2, 2006, at 12:19 PM, Remy Maucherat wrote:
On 6/2/06, Jim Jagielski <[EMAIL PROTECTED]> wrote:
IMO, if you need to move out of "pure Java" in your Java Web
Server to get acceptable performance, then why use it in
the first place? Plus, if you are "concerned" about the
security of Apache (cause it's nasty C) and therefore
want to use a Java Web Server, then using JNI means
you've left that warm and safe place, since you are
no longer "safe" in a pure Java environment.
Web Servers are web servers primarily, focused on
HTTP, compliance, speed and capability. Use the
right tool for the right job :)
We know what your company recommends, thank you very much :)
What company is that?... jaguNET? And who brought
companies into this? *I* recommend using web servers
for web server functions. Or are you someone implying
that every post by anyone is somehow a post by some
corporate shill? If so, that's a pretty paranoid
and sad point of view.
Do you also mean to imply that the network code in the JVM is not
native, and cannot have any security problem, etc ? Using APR replaces
that native code and uses the one from the ASF instead.
Why do people program in Java? Because it's "safe", meaning
you can't have buffer overflows, etc... When you pull
in native C (outside of the JVM), you lose all that nice
safety that is *PART* of the JVM and Java itself. Someone
mentioned that they didn't want to have "Apache" in there
because it wasn't as secure as TC (presumably because [1]
it's used more often and therefore a bigger target and
[2] that it's written in C and therefore more prone
to coding errors that cause security risks), and the
above point directly responds to that thought.
If you "trust" APR, then you should also "trust" HTTPD :)
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
