HOME SCALA & F# JAVA .NET WEB GROOVY & GRAILS ANDROID & IOS NOSQL ARCHITECTURE AGILE & SCRUM AGILE DEVELOPER  
Spring in Finance eXchange 2008: Mark Thomas on Tomcat: Maximizing Performance & Security
Tomcat: Maximizing Performance & Security
Mark Thomas discusses how to maximize performance and security in Tomcat.

Review:
Mark Thomas, a senior software engineer from SpringSource and the leading contributor to Tomcat security, talks about how security vulnerabilities are handled by the Tomcat team and how end users are served while preventing security problems.

Mark discusses how using an open source project has the following disadvantage: as soon as a new version is published, the new version can be reverse engineered and vulnerabilities can be discovered. Therefore, commits are not announced as security vulnerabilities. Once a release is available for download vulnerabilities are announced.

Mark gives some examples of previous security issues and explains them briefly. Some of the vulnerabilities do not apply for all versions of a release. Upgrading or patching can be appropriate solutions in most cases. Mark demonstrates how these are done by changing the Tomcat configuration. Clustering can be another option and he explains how can this be achieved towards the end of the talk.
Review by Eren Aykin


ABOUT MARK THOMAS
Mark Thomas is a Senior Software Engineer with SpringSource, has a MEng in Electronic and Electrical Engineering from the University of Birmingham, UK and is a Senior Software Engineer and Consultant with the Covalent Products Division of SpringSo
More about Mark Thomas
PODCAST TOMCAT: MAXIMIZING PERFORMANCE

This session took part at the Spring in Finance eXchange 2008. You can view the other 8 podcasts here.
SPONSORS
SpringSource
Skills Matter Ltd
Cake Solutions
PROGRESSIVE JAVA COURSES
Brian Sletten's Semantic Web Technologies Bootcamp, BRIAN SLETTEN'S SEMANTIC WEB BOOTCAMP
David Laribee's Leading Lean/Agile Teams, DAVID LARIBEE'S LEADING LEAN/AGILE TEAMS
David Pollak's Lift Basics Workshop, DAVID POLLAK'S LIFT BASICS
Dierk Koenig's Practical Grails for Developers, DIERK KOENIG'S PRACTICAL GRAILS FOR DEVELOPERS
Dierk Koenig's Practical Groovy for Developers, DIERK KOENIG'S PRACTICAL GROOVY FOR DEVELOPERS
Dmitry Buzdin's Advanced Google Web Toolkit: Large-Scale GWT Development, DMITRY BUZDIN'S ADVANCED GOOGLE WEB TOOLKIT
Spring Source's Enterprise Integration with Spring Training, ENTERPRISE INTEGRATION W SPRING
Gojko Adzic's Test Driven Development Workshop, GOJKO ADZIC'S TEST DRIVEN DEVELOPMENT WORKSHOP
Hans Dockter's Core Gradle: Gradle, a Build System for Java Workshop, HANS DOCKTER'S CORE GRADLE COURSE
SpringSource's Hibernate with Spring, HIBERNATE WITH SPRING
Howard Lewis Ship's Core TAPESTRY: Web Application Development with TAPESTRY, HOWARD LEWIS SHIP'S TAPESTRY WEB DEVELOPMENT COURS
Ian Robinson and Jim Webber's Neo4j Tutorial, IAN ROBINSON AND JIM WEBBER'S NEO4J TUTORIAL
Jan Machacek’s Practical Spring Integration Workshop, JAN MACHACEK’S SPRING INTEGRATION WORKSHOP
Jan Machacek’s Practical Spring Developer Workshop, JAN MACHACEK’S PRACTICAL SPRING WORKSHOP
John Smart's Java Power Tools Bootcamp, JOHN SMART'S JAVA POWER TOOLS
Jon Jagger & Kevlin Henney's Agile Development for Developers, JON & KEVLIN'S AGILE DEVELOPMENT COURSE
Kito Mann's JSF2 in Action, KITO MANN'S JSF2 IN ACTION
Kito Mann's JSF2 Update Course, KITO MANN'S JSF2 UPDATE COURSE
Peter Lubbers' HTML5 Mobile Mastery, PETER LUBBERS' HTML5 MOBILE MASTERY
Peter Lubbers' HTML5 Performance, Communication, and WebSockets Training Course, PETER LUBBERS' HTML5 PERFORMANCE & WEBSOCKETS
Simon Brown's Software Architecture for Developers Workshop, SIMON BROWN'S ARCHITECTURE FOR DEVELOPERS
Simon Brown's Enterprise Software Developer, SIMON BROWN'S ENTERPRISE SOFTWARE DEVELOPER
Spring Source's Tomcat Administration, SPRING SOURCE'S TOMCAT ADMINISTRATION
SpringSource's Rich Web Applications with Spring Training, SPRINGSOURCE'S RICH WEB APPLICATIONS WITH SPRING T
SpringSource's Core Spring: Developing with the Spring Framework, SPRINGSOURCE'S SPRING APPLICATION DEVELOPMENT
Steve Freeman and Nat Pryce's Growing Real Systems Guided by Tests, STEVE FREEMAN AND NAT PRYCE'S GROWING SYSTEMS
Typesafe's Advanced Scala, TYPESAFE'S ADVANCED SCALA
Typesafe's Fast Track to Play, TYPESAFE'S FAST TRACK TO PLAY
Typesafe's Fast Track to Scala, TYPESAFE'S FAST TRACK TO SCALA
Uncle Bob's Advanced Test Driven Development in NYC, UNCLE BOB'S ADVANCED TEST DRIVEN DEVELOPMENT IN NY
Uncle Bob's Clean Code: Agile Software Craftsmanship, UNCLE BOB'S CLEAN CODE WORKSHOP
PROGRESSIVE JAVA PODCASTS
Toby O'Rourke:Introducing Neo4j into a Relational Database Organisation, Introducing Neo4j
Toby O'Rourke : 23rd May 2012		 View Podcast: Introducing Neo4j into a Relational Database Organisation,
Luke Daley: Managing JavaScript with Gradle, JavaScript with Gradle
Luke Daley : 22nd May 2012		 View Podcast: Managing JavaScript with Gradle,
John Stevenson:(perfect? clojure environment), Perfect Clojure
John Stevenson : 16th May 2012		 View Podcast: (perfect? clojure environment),
Chris Harris:Building a MongoDB application with Grails , MongoDB with Grails
Chris Harris : 16th May 2012		 View Podcast: Building a MongoDB application with Grails ,
Sean Reilly:Non-rails Groovy development, Non-rails Groovy development
Sean Reilly : 16th May 2012		 View Podcast: Non-rails Groovy development,
Tom McMillen:CouchDB at the Hut Group, CouchDB at the Hut Group
Tom McMillen : 9th May 2012		 View Podcast: CouchDB at the Hut Group,
John Zablocki:The Couchbase Server Tutorial, The Couchbase Server Tutorial
John Zablocki : 9th May 2012		 View Podcast: The Couchbase Server Tutorial,
Nicki Watt:Neo4j Tales from the Trenches: A recommendation Engine Case Study, Neo4j Tales from the Trenches
Nicki Watt : 9th May 2012		 View Podcast: Neo4j Tales from the Trenches: A recommendation Engine Case Study,
Gavin Bell:Is Everything Social?, Is Everything Social?
Gavin Bell : 8th May 2012		 View Podcast: Is Everything Social?,
Ian Robinson:A Programmatic Introduction to Neo4j, Neo4j Intro
Ian Robinson : 3rd May 2012		 View Podcast: A Programmatic Introduction to Neo4j,
Jan Machacek:Polyglot applications in Java and Spring, Polyglot apps in Java and Spring
Jan Machacek : 3rd May 2012		 View Podcast: Polyglot applications in Java and Spring,
Various Speakers:Parkbench Panel Discussion with Pizza & drinks, Parkbench
Various Speakers : 3rd May 2012		 View Podcast: Parkbench Panel Discussion with Pizza & drinks,
Brian Sletten:Information Resources : Moving Beyond Objects, Moving Beyond Objects
Brian Sletten : 3rd May 2012		 View Podcast: Information Resources : Moving Beyond Objects,
David Morgantini:Exploring enterprise Java outside of Java EE, Exploring enterprise Java
David Morgantini : 3rd May 2012		 View Podcast: Exploring enterprise Java outside of Java EE,
Anirvan Chakraborty:Connecting to Neo4j using Spring Data, Connecting to Neo4j using Spring Data
Anirvan Chakraborty : 3rd May 2012		 View Podcast: Connecting to Neo4j using Spring Data,
OTHER PROGRESSIVE JAVA EVENTS
:SpringSource's Core Spring: Developing with the Spring Framework, SpringSource's Spring Application Development
4 DAY COURSE.
London, Tuesday, May 29th
Uncle Bob (Robert C. Martin):Uncle Bob's Advanced Test Driven Development in NYC, Uncle Bob's Advanced Test Driven Development in NY
3 DAY COURSE. Featuring Uncle Bob (Robert C. Martin)
New York, Tuesday, May 29th
London Java Community:Gradle - Build Automation Evolved, London Java Community
FREE EVENT: Gradle
London, Tuesday, June 12th
London Scala Users' Group:Experiences from a Real-World Scala Project, London Scala Users' Group
FREE EVENT: Real-World Scala Project
London, Wednesday, June 13th
GeekOut 2012, GeekOut 2012
CONFERENCE (2 DAYS)
Tallinn, Thursday, June 14th BOOK NOW!
Jon Jagger:Jon Jagger & Kevlin Henney's Agile Development for Developers, Jon & Kevlin's Agile Development Course
3 DAY COURSE. Featuring Jon Jagger
London, Monday, June 18th
Simon Brown:Simon Brown's Enterprise Software Developer, Simon Brown's Enterprise Software Developer
3 DAY COURSE. Featuring Simon Brown
London, Monday, June 18th
Trond Bjerkestrand:Typesafe's Fast Track to Scala, Typesafe's Fast Track to Scala
2 DAY COURSE. Featuring Trond Bjerkestrand
London, Monday, June 18th
© Copyright 2003-2011, Skills Matter Ltd
  Web development by You In Control
About Us  Jobs  Find Us  Meeting & Training Rooms  Newsletter  Jobs: Sales Executive  Jobs: Student SkillsCaster  jobs - junior event coordinator  Speed Coding 2011  Open Source Journal  Ticket Raffle  Agile Expert Series  Jobs: Sponsorship Development  jobs: Marketing & Sales Graduate Internship