HOME JAVA & JEE OPEN SOURCE .NET WEB & RIA CLOUD & GRID ARCHITECTURE & DDD AGILE PM & SCRUM AGILE TESTING & BDD OS, MOBILE & SERVER  
Spring in Finance eXchange 2008: Mark Thomas on Tomcat: Maximizing Performance & Security
Tomcat: Maximizing Performance & Security
Mark Thomas discusses how to maximize performance and security in Tomcat.

Review:
Mark Thomas, a senior software engineer from SpringSource and the leading contributor to Tomcat security, talks about how security vulnerabilities are handled by the Tomcat team and how end users are served while preventing security problems.

Mark discusses how using an open source project has the following disadvantage: as soon as a new version is published, the new version can be reverse engineered and vulnerabilities can be discovered. Therefore, commits are not announced as security vulnerabilities. Once a release is available for download vulnerabilities are announced.

Mark gives some examples of previous security issues and explains them briefly. Some of the vulnerabilities do not apply for all versions of a release. Upgrading or patching can be appropriate solutions in most cases. Mark demonstrates how these are done by changing the Tomcat configuration. Clustering can be another option and he explains how can this be achieved towards the end of the talk.
Review by Eren Aykin


ABOUT MARK THOMAS
Mark Thomas is a Senior Software Engineer with SpringSource, has a MEng in Electronic and Electrical Engineering from the University of Birmingham, UK and is a Senior Software Engineer and Consultant with the Covalent Products Division of SpringSo
More about Mark Thomas
PODCAST TOMCAT: MAXIMIZING PERFORMANCE
Digg! StumbleUpon
SPONSORS
SpringSource
Skills Matter Ltd
Cake Solutions
JAVA & JEE COURSES
ActiveMQ, ACTIVEMQ
Tomcat Whizz: Advanced Tomcat Administration, ADVANCED TOMCAT ADMINISTRATION
Kevlin Henney's Practical Agile Development in Java Workshop, AGILE DEVELOPMENT IN JAVA
Intensive Alfresco Training for Development, ALFRESCO FOR DEVELOPERS
Alfresco System Administration, ALFRESCO SYSTEM ADMINISTRATION
Ari Zilka's Core Terracotta: Scaling your Java Application with Terracotta, ARI ZILKA'S CORE TERRACOTTA WORKSHOP
Brian Sletten's Semantic Web Technologies Bootcamp, BRIAN SLETTEN'S SEMANTIC WEB BOOTCAMP
Caucho Resin Administration , CAUCHO RESIN ADMINISTRATION
Core Gradle: Gradle, a Build System for Java Workshop, CORE GRADLE: A BUILD SYSTEM FOR JAVA
Core Mule: Mule ESB Architect Workshop, CORE MULE: MULE ESB ARCHITECT WORKSHOP
Ehcache Core Training, EHCACHE CORE TRAINING
Spring Whizz: Enterprise Integration with Spring Training, ENTERPRISE INTEGRATION W SPRING
Gojko Adzic's Test Driven Java Development Workshop, GOJKO ADZIC'S TDD JAVA DEVELOPMENT WORKSHOP
Graeme Rocher's Groovy and Grails Workshop, GROOVY & GRAILS WORKSHOP
Groovy Metaprogramming, GROOVY METAPROGRAMMING
Core TAPESTRY: Web Application Development with TAPESTRY, HOWARD LEWIS SHIP'S TAPESTRY WEB DEVELOPMENT
HTML5 Communication: Using Web Sockets and more to build real-time Web applications, HTML5 COMMUNICATION: USING WEB SOCKETS & MORE TOO
Hyperic Training, HYPERIC TRAINING
Java Power Tools Bootcamp, JOHN SMART'S JAVA POWER TOOLS
Kito Mann's JavaServer Faces in Action with Ajax, KITO MANN'S JSF WITH AJAX IN ACTION
Lean and Pragmatic Killer Apps with EJB 3.1, LEAN & PRAGMATIC KILLER APPS WITH EJB 3.1
Martin Odersky's Object-oriented meets functional: An exploration of Scala, MARTIN ODERSKY'S AN EXPLORATION OF SCALA WORKSHOP
Matt Raible's Open Source Java Jewels Course, MATT RAIBLE'S OPEN SOURCE JAVA JEWELS
Matt Raible's Spring Fundamentals Workshop, MATT RAIBLE'S SPRING FUNDAMENTALS
Sonatype Certified Maven Training, MAVEN TRAINING
Core Mule: Applications Development using Mule Worksop, MULE APPLICATION DEVELOPMENT
Mule Whizz: Mule for Administrators, MULE FOR ADMINISTRATORS
Neil Bartlett's workshop on OSGi: The Dynamic Module System for Java, NEIL BARTLETT'S OSGI WORKSHOP
Productive Java EE 5/6 - Rethinking The Best Practices, PRODUCTIVE JAVA EE 5/6
Programming Groovy, PROGRAMMING GROOVY
Rick Evans' Clustered Caching with Oracle Coherence, RICK EVANS' COHERENCE CLUSTERED CACHING
Simon Brown's Software Architecture for Developers Workshop, SOFTWARE ARCHITECTURE FOR DEVELOPERS
Discovery Day: Spring & Java Workshop, SPRING & JAVA WORKSHOP
Core Spring .NET: Developing with Spring .NET, SPRING .NET APPLICATION DEVELOPMENT
Core Spring: Developing with the Spring Framework, SPRING APPLICATION DEVELOPMENT
Core Spring and Hibernate : Developing Spring Applications with Hibernate O/R Mapping, SPRING HIBERNATE O/R MAPPING
Spring OSGi with SpringSource dm Server, SPRING OSGI WITH DM SERVER
Developing Rich Web Applications with Spring, SPRING RICH WEB APP DEVELOPMENT
Spring Whizz: Web Services with Spring-WS, SPRING WEB SERVICES
Tomcat Primer: Tomcat Administration Fundamentals Training, TOMCAT ADMINISTRATION FUNDAMENTALS TRAINING
Using GWT for Enterprise Web Development, USING GWT FOR ENTERPRISE WEB DEVELOPMENT
Core Wicket: Developing Applications with Wicket, WICKET APPLICATION DEVELOPMENT
JAVA & JEE PODCASTS
Nicolas Yuen:Accessibility API in Flex, nicolas yuen accessibility API in Flex
Nicolas Yuen : 17th Mar 2010		 View Podcast: Accessibility API in Flex,
Peter Ledbrook:Grails plugin testing, Grails plugin testing
Peter Ledbrook : 15th Mar 2010		 View Podcast: Grails plugin testing,
Richard Dallaway:Lift - Getting started with Scala and Lift, Lift - Getting started with Scala and Li
Richard Dallaway : 8th Mar 2010		 View Podcast: Lift - Getting started with Scala and Lift,
Cagatay Civici:PrimeFaces: Next Generation JSF Component Suite, PrimeFaces: Next Generation JSF Componen
Cagatay Civici : 3rd Mar 2010		 View Podcast: PrimeFaces: Next Generation JSF Component Suite,
Karl Widmer:Integrating JSF with Spring Web Flow, Integrating JSF with Spring Web Flow
Karl Widmer : 3rd Mar 2010		 View Podcast: Integrating JSF with Spring Web Flow,
Toni Menzel:Pax Exam 2.0 – Testing in the Cloud, Pax Exam 2.0 – Testing in the Cloud...
Toni Menzel : 22nd Feb 2010		 View Podcast: Pax Exam 2.0 – Testing in the Cloud,
Doreen Seider: OSGi-based Workflow Engine, OSGi-based Workflow Engine
Doreen Seider : 22nd Feb 2010		 View Podcast: OSGi-based Workflow Engine,
Felix Meschberger:Declarative Services: Dependency Injection OSGi style, Dependency Injection OSGi style
Felix Meschberger : 22nd Feb 2010		 View Podcast: Declarative Services: Dependency Injection OSGi style,
Guillaume LaForge:Scala, Groovy, JRuby, Clojure - Which JVM language is for you?, JVM language
Guillaume LaForge : 22nd Feb 2010		 View Podcast: Scala, Groovy, JRuby, Clojure - Which JVM language is for you?,
Jutta Eckstein:Creating Proximity over a Distance, Creating Proximity over a Distance
Jutta Eckstein : 22nd Feb 2010		 View Podcast: Creating Proximity over a Distance,
Glyn Normington:dm Server 2.0 , dm Server 2.0
Glyn Normington : 22nd Feb 2010		 View Podcast: dm Server 2.0 ,
Colin Howe:Re-writing Java classes in Scala - and making your code lovely, Re-writing Java classes in Scala - and m
Colin Howe : 8th Feb 2010		 View Podcast: Re-writing Java classes in Scala - and making your code lovely,
Krestan Krab Thorup:Erjang - A Java Hacker in Erlang Land, Erjang - A Java Hacker in Erlang Land
Krestan Krab Thorup : 3rd Feb 2010		 View Podcast: Erjang - A Java Hacker in Erlang Land,
Miles Sabin:A brief introduction to Scala for Java developers, Scala for Java
Miles Sabin : 28th Jan 2010		 View Podcast: A brief introduction to Scala for Java developers,
Peter Pilgrim:Professional Code Jam, Professional Code Jam...
Peter Pilgrim : 26th Jan 2010		 View Podcast: Professional Code Jam,
OTHER JAVA & JEE EVENTS
David Syer:Core Spring: Developing with the Spring Framework, Spring Application Development
4 DAY COURSE. Featuring David Syer
London, Tuesday, March 23rd
Ben Gidley Tapestry 5 in Action, Tapestry 5 in Action
FREE EVENT: In The Brain of Ben Gidley
London, Tuesday, March 23rd
JAVAWUG:JAVAWUG BOF 55 Ease into Scala Web Development, JAVAWUG
FREE EVENT: Ease into Scala Web Developmen
London, Wednesday, March 24th
:Gojko Adzic's Test Driven Java Development Workshop, Gojko Adzic's TDD Java Development Workshop
2 DAY COURSE.
Paris, Wednesday, March 31st
:Spring OSGi with SpringSource dm Server, Spring OSGi with dm Server
2 DAY COURSE.
London, Thursday, April 8th
London Scala Users' Group:Scala, Traits & Mixins, London Scala Users' Group
FREE EVENT: Traits & Mixins
London, Monday, April 12th
:Tomcat Primer: Tomcat Administration Fundamentals Training, Tomcat Administration Fundamentals Training
2 DAY COURSE.
London, Tuesday, April 13th
:Core Spring and Hibernate : Developing Spring Applications with Hibernate O/R Mapping, Spring Hibernate O/R Mapping
3 DAY COURSE.
London, Wednesday, April 14th
© Copyright 2003-2010, Skills Matter Ltd
  Web development by You In Control
About Us  Jobs  Find Us  Meeting & Training Rooms  Newsletter  Community  Community-FR  Apress  1st Teach  Jobs: Sales Executive  Jobs: Student Podcaster  jobs - marketing assistant  Spring Certification