Spring in Finance eXchange 2008: Mark Thomas on Tomcat: Maximizing Performance & Security
Tomcat: Maximizing Performance & Security
Mark Thomas discusses how to maximize performance and security in Tomcat.
Review:
Mark Thomas, a senior software engineer from SpringSource and the leading contributor to Tomcat security, talks about how security vulnerabilities are handled by the Tomcat team and how end users are served while preventing security problems.
Mark discusses a disadvantage of using an open source project: as soon as a new version is published, it can be reverse engineered and vulnerabilities can be discovered. Therefore, commits are not announced as security vulnerabilities. Vulnerabilities are announced once a release is available for download.
Mark gives some examples of previous security issues and explains them briefly. Some of the vulnerabilities do not apply to all versions of a release. Upgrading or patching can be appropriate solutions in most cases. Mark demonstrates how these are done by changing the Tomcat configuration. Clustering can be another option, and he explains how this can be achieved towards the end of the talk.
Review by Eren Aykin
ABOUT MARK THOMAS
Mark Thomas is a Senior Software Engineer with SpringSource, has a
MEng in Electronic and Electrical Engineering from the University of
Birmingham, UK and is a Senior Software Engineer and Consultant with the
Covalent Products Division of SpringSo
PODCAST TOMCAT: MAXIMIZING PERFORMANCE
This session took place at the Spring in Finance eXchange 2008. You can view the other 8 podcasts here.