Interview with Jean-Francois Arcand
Jean-Francois Arcand, a Tomcat 5 developer, has recently been
interviewed by
TheServerSide.
It is very interesting, overall, but there were several things that
seemed strange to me.

I have not used the “embedded” feature of Tomcat but the impression, from
the interview, is that this just means there is an interface which
allows you to control Tomcat from your application.

“Embedded” in the case of Jetty means much more - embedded Jetty is
just one JAR and you can use it as one JAR; it is very small, in size,
so you can really embed it into your application, without much
overhead.

So, unless I misunderstood something, for embedding (e.g. for
testing purposes, used as a stub) Jetty still seems much more
convenient.

On the same subject, for me personally, it was alarming to hear that
Jean-Francois has no idea about the embedding features in Jetty. That
may not mean much but is odd. People who have a tendency towards
re-inventing the wheel do not usually invent good wheels. If you
begin work on an embedding feature and there is a product that has that
figured out, why would you not go and see how they did it? Maybe you
won't do it the same way (most probably not) but at least you should
look into it, shouldn't you?

Also:

I was really surprised by one comment from the interview. The question
was if people should use Apache in front of Tomcat or run it as-is.
Jean-Francois made it sound like it is just a matter of performance and
almost suggested that Tomcat without Apache is just as good.

NOT TRUE.

Yes, Tomcat has come a long way in performance, but that just proves the
point: putting Apache in front of Tomcat is not a matter of
performance (performance may be the same) but _security_.

To make Tomcat listen on port 80 you will need to launch it under the root
user, which means your application code will also run under root.
That's _evil_. User applications should never run with root
privileges.

When you put Apache in front of Tomcat (or any other servlet
engine/J2EE container, for that matter) your application can run under
a non-privileged user. That's much more secure.
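
A quick way to check a host for the situation described above, as an added example that is not part of the original post: it scans a `ps` listing and reports any Tomcat JVM running as root. The function names and the sample listing are constructed for illustration, and recognising Tomcat by its bootstrap class or `catalina.*` properties is an assumption about how it was launched.

```shell
#!/bin/sh
# Added example: flag Tomcat JVMs that run with root privileges.
# Expected input format: `ps -eo user=,pid=,args=` (user, pid, command line).

# Print "PID USER" for every Tomcat JVM in the listing on stdin that runs
# as root (by name or numeric uid 0). Tomcat is recognised by its bootstrap
# class or by the catalina.base/catalina.home properties (assumption).
root_tomcat_pids() {
    awk '
        ($1 == "root" || $1 == "0") &&
        /org\.apache\.catalina\.startup\.Bootstrap|-Dcatalina\.(base|home)=/ {
            print $2, $1
        }'
}

# Constructed sample listing (not captured from a real host): Apache's
# parent process is root and its worker is not; one Tomcat runs as root,
# one runs as a dedicated user.
sample_ps() {
    cat <<'EOF'
root      812 /usr/sbin/httpd -k start
apache    815 /usr/sbin/httpd -k start
root     1201 /usr/bin/java -Dcatalina.base=/opt/tomcat org.apache.catalina.startup.Bootstrap start
tomcat   1377 /usr/bin/java -Dcatalina.base=/srv/app2 org.apache.catalina.startup.Bootstrap start
EOF
}

# Audit the live host: returns 1 and names the offenders if any Tomcat JVM
# runs as root, 0 otherwise.
audit_host() {
    found=$(ps -eo user=,pid=,args= | root_tomcat_pids)
    [ -z "$found" ] && return 0
    printf 'Tomcat running as root: %s\n' "$found" >&2
    return 1
}

# Demonstration on the constructed sample.
sample_ps | root_tomcat_pids
```

Call `audit_host` from a cron job or a deployment check to run the same test against the live process table.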