Posted to dev@tomcat.apache.org by GitBox <gi...@apache.org> on 2022/03/18 02:05:13 UTC

[GitHub] [tomcat] kkolinko commented on pull request #484: Change the logic for judging whether a jsp file is outdated

kkolinko commented on pull request #484:
URL: https://github.com/apache/tomcat/pull/484#issuecomment-1071948912


   I think that the feature that this PR tries to remove may protect Tomcat from a DOS attack.
   
   Consider that an instance of Apache Tomcat is running in production and has a JSP that fails to compile. Does every request trigger a recompilation, or only one in 4 seconds? How much load does it cause?
   
   The docs suggest turning off recompilation of JSPs when running in production, but many people do not bother to change their configuration. So a DOS is a concern.
   
   If this PR is closed in anticipation of a different fix, I think it may be good to file this as an issue (enhancement request) into Bugzilla.
   
   Regarding the patch itself, line 451 in Compiler.java:
   I think that the "jsw.getCompileException() == null" check is cheaper than a "System.currentTimeMillis()" call and thus should come first.


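
Added example, not part of the pull request or of the comment above: the Jasper settings that govern the recompilation behaviour the comment discusses, shown as the `jsp` servlet declaration with a production-oriented configuration. The init-param names are Jasper's documented ones; placing the declaration in the global `conf/web.xml` and the chosen values are assumptions for illustration.

```xml
<!-- conf/web.xml (assumed location): JSP servlet declaration -->
<servlet>
    <servlet-name>jsp</servlet-name>
    <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>

    <!-- Default is true: each access may check the JSP for modification
         and recompile it. false disables on-access checks. -->
    <init-param>
        <param-name>development</param-name>
        <param-value>false</param-value>
    </init-param>

    <!-- With development=false, a value greater than zero enables
         background compilation checks every N seconds. 0 leaves them
         off, so a JSP is compiled on first access only. -->
    <init-param>
        <param-name>checkInterval</param-name>
        <param-value>0</param-value>
    </init-param>

    <!-- Development mode only. Minimum number of seconds between
         modification checks for one JSP. Default is 4; a value of 0
         checks on every access. -->
    <init-param>
        <param-name>modificationTestInterval</param-name>
        <param-value>4</param-value>
    </init-param>

    <!-- Development mode only. true lets a JSP whose compilation failed
         be recompiled on the next access, ignoring
         modificationTestInterval. Default is false because compilation
         is expensive. -->
    <init-param>
        <param-name>recompileOnFail</param-name>
        <param-value>false</param-value>
    </init-param>

    <load-on-startup>3</load-on-startup>
</servlet>
```

With `development` left at its default of `true`, `modificationTestInterval` and `recompileOnFail` are the settings that bound how often a JSP that fails to compile can trigger another compilation attempt.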