I always think of the security of Apache not in terms of features
provided, but number of eyeballs scrutinizing. Apache is SO widely used
that I would think it is safe to say that exploits would be found
sooner. Not enough people using Tomcat use the built-in HTTP stack, and
so I wouldn't rely on it being completely exploit free (though our
confidence level is pretty high, of course).

>>> Nikola.Milutinovic@(protected) >>>

"achana" mentioned security. Well, Apache has more HTTP Authentication
modules
than Tomcat does (although JDBC realm can go against any DB). We dons't
have
Kerberos HTTP Auth (SPNEGO authentication method), which comes in handy
with the
deployment of Microsoft's Active Directory.

Nix.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)


Jeff Tulley (jtulley@(protected))
(801)861-5322
Novell, Inc., The Leading Provider of Net Business Solutions
http://www.novell.com

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)