HOME JAVA & JEE OPEN SOURCE .NET WEB & RIA CLOUD & GRID ARCHITECTURE & DDD AGILE PM & SCRUM AGILE TESTING & BDD OS, MOBILE & SERVER  
Spring in Finance eXchange 2008: Mark Thomas on Tomcat: Maximizing Performance & Security
Tomcat: Maximizing Performance & Security
Mark Thomas discusses how to maximize performance and security in Tomcat.

Review:
Mark Thomas, a senior software engineer from SpringSource and the leading contributor to Tomcat security, talks about how security vulnerabilities are handled by the Tomcat team and how end users are served while preventing security problems.

Mark discusses how using an open source project has the following disadvantage: as soon as a new version is published, the new version can be reverse engineered and vulnerabilities can be discovered. Therefore, commits are not announced as security vulnerabilities. Once a release is available for download vulnerabilities are announced.

Mark gives some examples of previous security issues and explains them briefly. Some of the vulnerabilities do not apply for all versions of a release. Upgrading or patching can be appropriate solutions in most cases. Mark demonstrates how these are done by changing the Tomcat configuration. Clustering can be another option and he explains how can this be achieved towards the end of the talk.
Review by Eren Aykin


ABOUT MARK THOMAS
Mark Thomas is a Senior Software Engineer with SpringSource, has a MEng in Electronic and Electrical Engineering from the University of Birmingham, UK and is a Senior Software Engineer and Consultant with the Covalent Products Division of SpringSo
More about Mark Thomas
PODCAST TOMCAT: MAXIMIZING PERFORMANCE
Digg! StumbleUpon
SPONSORS
SpringSource
Skills Matter Ltd
Cake Solutions
CLOUD & GRID COURSES
Developing with Salesforce.com, DEVELOPING WITH SALESFORCE.COM..
Amazon Web Services EC2 S3 Workshop, AMAZON WEB SERVICES EC2 S3 WORKSHOP
Ari Zilka's Core Terracotta: Scaling your Java Application with Terracotta, ARI ZILKA'S CORE TERRACOTTA WORKSHOP
Brian Sletten's Semantic Web Technologies Bootcamp, BRIAN SLETTEN'S SEMANTIC WEB BOOTCAMP
Building Google Maps Applications with Rails and Ajax, BUILDING GOOGLE MAPS
Christopher Riley's Cloud Computing Fundamentals for Developers & Architect, CHRIS RILEY'S CLOUD COMPUTING TECHNOLOGY OVERVIEW
Christopher Riley's Developing in Microsoft Azure, CHRIS RILEY'S DEVELOPING IN MICROSOFT AZURE
Deploying Ubuntu Enterprise Cloud, DEPLOYING UBUNTU ENTERPRISE CLOUD
Ehcache Core Training, EHCACHE CORE TRAINING
Matson Wade's Developing with Amazon Cloud Storage, MATSON WADE'S DEVELOPING WITH AMAZON CLOUD STORAGE
Matson Wade's Developing with Google App Engine, MATSON WADE'S DEVELOPING WITH GOOGLE APP ENGINE
Neil Bartlett's workshop on OSGi: The Dynamic Module System for Java, NEIL BARTLETT'S OSGI WORKSHOP
RDFa The Theory and Practice of Structured Data Publishing, RDFA THE THEORY AND PRACTICE OF STRUCTURED DATA PU
Rick Evans' Clustered Caching with Oracle Coherence, RICK EVANS' COHERENCE CLUSTERED CACHING
Robert Schneider's Guide to Cloud Computing for Managers, ROBERT SCHNEIDERS CLOUD COMPUTING FOR MANAGERS
Supporting Ubuntu 8.04 LTS, SUPPORTING UBUNTU 8.04 LTS
CLOUD & GRID PODCASTS
Russ Miles:Enabling Choice, Enabling the Market, Enabling Choice, Enabling the Market
Russ Miles : 11th Mar 2010		 View Podcast: Enabling Choice, Enabling the Market,
Joe Baguley:Energy, carbon, and clouds, Energy, carbon, and clouds
Joe Baguley : 11th Mar 2010		 View Podcast: Energy, carbon, and clouds,
Chris Swan:SaaS - an unintended casualty of the copyfight, SaaS - an unintended casualty of the cop
Chris Swan : 11th Mar 2010		 View Podcast: SaaS - an unintended casualty of the copyfight,
Geir Magnusson Jr:Cloud Computing, Cloud Computing
Geir Magnusson Jr : 11th Mar 2010		 View Podcast: Cloud Computing,
Simon Wardley:Welcome to Cloudcamp, Welcome to Cloudcamp
Simon Wardley : 11th Mar 2010		 View Podcast: Welcome to Cloudcamp,
:Big Cloud Debate, Big Cloud Debate
: 11th Mar 2010		 View Podcast: Big Cloud Debate,
:Unpack Discussion, Unpack Discussion
: 11th Mar 2010		 View Podcast: Unpack Discussion,
Kieran Gutteridge:Bring Wallpapers to Life with Android 2.1 and Live Wallpapers, Bring Wallpapers to Life with Android 2.
Kieran Gutteridge : 18th Feb 2010		 View Podcast: Bring Wallpapers to Life with Android 2.1 and Live Wallpapers,
Colin Howe:Re-writing Java classes in Scala - and making your code lovely, Re-writing Java classes in Scala - and m
Colin Howe : 8th Feb 2010		 View Podcast: Re-writing Java classes in Scala - and making your code lovely,
Joe Baguley:Pragmatic Clouds, Pragmatic Clouds
Joe Baguley : 8th Feb 2010		 View Podcast: Pragmatic Clouds,
:Unpanel Discussion, Unpanel Discussion
: 8th Feb 2010		 View Podcast: Unpanel Discussion,
Daniel Sikar:Amazon EC2 and S3: Cloud computing in two easy steps, Amazon EC2 and S3: Cloud computing in tw
Daniel Sikar : 1st Feb 2010		 View Podcast: Amazon EC2 and S3: Cloud computing in two easy steps,
Max Robbins:Where are the Big Customers?, Where are the Big Customers?
Max Robbins : 21st Jan 2010		 View Podcast: Where are the Big Customers?,
Gojko Adzic:Key Technical Differences between Cloud and In-house Deployments, Key Technical Differences between Cloud
Gojko Adzic : 21st Jan 2010		 View Podcast: Key Technical Differences between Cloud and In-house Deployments,
James Liddle:Middleware as a Service - How the Cloud is Shaping Next Generation Middleware, How the Cloud is Shaping Next Generation
James Liddle : 21st Jan 2010		 View Podcast: Middleware as a Service - How the Cloud is Shaping Next Generation Middleware,
OTHER CLOUD & GRID EVENTS
amazon web services user group:Daniel Sikar on Amazon Web Services, amazon web services user group
FREE EVENT: Daniel Sikar on AWS
London, Thursday, March 25th
:Ehcache Core Training, Ehcache Core Training
2 DAY COURSE.
London, Monday, April 19th
Robert Schneider:Christopher Riley's Cloud Computing Fundamentals for Developers & Architect, Chris Riley's Cloud Computing Technology Overview
1 DAY COURSE. Featuring Robert Schneider
London, Thursday, April 22nd
Cloud & Grid eXchange 2010, Cloud & Grid eXchange 2010
CONFERENCE (1 DAY)
London, Friday, April 23rd BOOK NOW!
Matson Wade:Matson Wade's Developing with Google App Engine, Matson Wade's Developing with Google App Engine
1 DAY COURSE. Featuring Matson Wade
London, Monday, April 26th
:Deploying Ubuntu Enterprise Cloud, Deploying Ubuntu Enterprise Cloud
2 DAY COURSE.
Paris, Tuesday, April 27th
Matson Wade:Matson Wade's Developing with Amazon Cloud Storage, Matson Wade's Developing with Amazon Cloud Storage
1 DAY COURSE. Featuring Matson Wade
London, Tuesday, April 27th
Rick Evans:Rick Evans' Clustered Caching with Oracle Coherence, Rick Evans' Coherence Clustered Caching
2 DAY COURSE. Featuring Rick Evans
Paris, Thursday, April 29th
© Copyright 2003-2010, Skills Matter Ltd
  Web development by You In Control
About Us  Jobs  Find Us  Meeting & Training Rooms  Newsletter  Community  Community-FR  Apress  1st Teach  Jobs: Sales Executive  Jobs: Student Podcaster  jobs - marketing assistant  Spring Certification