More on security from jserv.javasoft.com:80/products/java-server/documentation/webserver1.0.2/servlets/api.html
Security Features
Servlets have access to information about their clients. When used with secure protocols such as SSL, peer identities can be determined quite reliably. Servlets relying on HTTP also have access to HTTP-specific authentication data.
Servlets have the Java advantage: memory access violations and strong typing violations are not possible, so faulty servlets will not crash servers the way they commonly do in most C-language server extension environments.
Unlike any other current server extension API, Java Servlets provide strong security policy support. This is because all Java environments provide a Security Manager which can be used to control whether actions such as network or file access are to be permitted. By default, all servlets loaded over the network are untrusted, and are not allowed to perform operations such as accessing network services or local files.
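The trusted/untrusted split described above can be sketched with a custom SecurityManager. This is an added example, not code from the Java Web Server documentation; the names ServletSandboxDemo, NetworkLoader, FileReadingServlet and SandboxManager and the demo.file property are hypothetical. It assumes the class is compiled into the default package, run from a classes directory or jar, on a JDK that still permits System.setSecurityManager (JDK 17 or earlier, or JDK 18 to 23 started with -Djava.security.manager=allow).

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.Permission;

public class ServletSandboxDemo {
    // Hypothetical loader: any class it defines is treated as "loaded over the network".
    static class NetworkLoader extends URLClassLoader {
        NetworkLoader(URL[] urls) { super(urls, null); }   // no parent: defines its own copy
    }

    // Stand-in for a servlet that tries to open a local file.
    public static class FileReadingServlet implements Runnable {
        public void run() {
            try { new FileInputStream(System.getProperty("demo.file")).close(); }
            catch (IOException e) { throw new RuntimeException(e); }
        }
    }

    // Denies file and network access whenever an untrusted class is on the call stack.
    static class SandboxManager extends SecurityManager {
        private void denyIfUntrusted(String message) {
            for (Class<?> c : getClassContext())
                if (c.getClassLoader() instanceof NetworkLoader)
                    throw new SecurityException(message);
        }
        @Override public void checkRead(String file) {
            denyIfUntrusted("untrusted servlet may not read local files");
        }
        @Override public void checkConnect(String host, int port) {
            denyIfUntrusted("untrusted servlet may not open network connections");
        }
        @Override public void checkPermission(Permission p) { /* all else allowed in this demo */ }
    }

    public static void main(String[] args) throws Exception {
        File f = File.createTempFile("sandbox-demo", ".txt");   // constructed sample file
        f.deleteOnExit();
        System.setProperty("demo.file", f.getPath());
        URL classes = ServletSandboxDemo.class.getProtectionDomain().getCodeSource().getLocation();
        Runnable untrusted = (Runnable) new NetworkLoader(new URL[] { classes })
            .loadClass("ServletSandboxDemo$FileReadingServlet")
            .getDeclaredConstructor().newInstance();
        Runnable trusted = new FileReadingServlet();             // same code, local loader
        System.setSecurityManager(new SandboxManager());
        trusted.run();
        System.out.println("trusted copy read the file");
        try { untrusted.run(); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

The same servlet bytecode is allowed or refused purely on the basis of which class loader defined it, which is the distinction the paragraph above draws between local and network-loaded servlets.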
Performance Features
One of the biggest performance features of servlets is that they do not require creation of a new process for each request. In most environments, many servlets run in parallel within the same process as the server. When used in such environments with HTTP, servlets provide compelling performance advantages over both the CGI approach and the Fast-CGI approach.
This is because servlets only require lightweight thread context switches. Even Fast-CGI involves heavyweight process context switching on each request, and regular CGI requires even heavier-weight process startup and initialization code on each request. Since in most environments servlets can handle many client requests each time they are initialized, the costs of that initialization are spread over many methods. All the client requests to that service have the opportunity to share data and communications resources, benefiting more strongly from system caches.
With many implementations of the Java Virtual Machine (JVM), Java Servlet programs automatically take advantage of additional processors, helping you scale your applications up from entry-level servers all the way up to mainframe-class multiprocessors. This helps provide better throughput and response time to your clients. Because 100% Pure Java programs don't care what operating system they use, you have the power to choose whatever system vendor best addresses your requirements in any given application.