On Fri, Oct 30, 2020 at 2:41 PM Christopher Schultz < ch...@christopherschultz.net> wrote:
> All, > > I propose that we enable RECYCLE_FACADES by default in Tomcat 10. > It has already been refactored. Rémy > > Reasons: > > 1. It is "safer" > > When running untrusted applications, a malicious application can > potentially spy on others. > > Application bugs can cause request/response confusion. > > 2. It reduces the number of false bug reports > > Anytime something odd is happening with an application running on > Tomcat, the application owner usually emails users@ and/or reports a bug > against Tomcat. The first thing we say is "enable RECYCLE_FACADES to be > sure it's not your application". > > 3. Performance hit is probably minimal > > I have no data on this, but I'm assuming that GC isn't an issue at all: > most requests/responses will be created and die all inside of the young > generation (or whatever it's called these days). > > I'm not sure how expensive creating a new request/response is. Perhaps > we could look into some targeted performance optimizations in this area. > > 4. Re-enabling RECYCLE_FACADES is trivial > > Just put it in setenv.sh/setenv.bat/catalina.policy > > I do not think we should change the default in Tomcat <10 as this might > be a surprise to a lot of users. > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
