
Tomcat: Maximizing Performance & Security

24 November 2008

Mark Thomas, a senior software engineer from SpringSource and the leading contributor to Tomcat security, talks about how the Tomcat team handles security vulnerabilities and how end users are served while preventing security problems. Mark discusses a disadvantage of using an open source project: as soon as a new version is published, it can be reverse engineered and vulnerabilities can be discovered. Therefore, commits are not announced as security vulnerabilities. Vulnerabilities are announced once a release is available for download. Mark gives some examples of previous security issues and explains them briefly. Some of the vulnerabilities do not apply to all versions of a release. Upgrading or patching can be appropriate solutions in most cases. Mark demonstrates how these are done by changing the Tomcat configuration. Clustering can be another option, and he explains how this can be achieved towards the end of the talk.
