[wildfly-dev] Using Wildfly as a load balancer

denstar valliantster at gmail.com
Sat Jan 17 13:22:31 EST 2015


On 01/17/2015 07:27 AM, Jorge Solórzano wrote:
> Is authbind or privbind a good alternative? It probably has the same effect
> of setcap but with a little more security.
> 
> It seems the best choice is iptables.
> 

In general, probably.

As Jason said, we're talking some pretty low-level optimization here. In
99% of cases it won't make a lick of difference performance-wise.

Database calls and file reads and other IO will have a far more
observable impact most of the time, and are also more popular vectors of
attack.  It's more likely for one to have something dumb in their code
opening a hole than say, the SSH port binding example given earlier--
tho the former leads to the latter, so +1 for layers. (Including code
reviews and such.)

Really it depends on what you're doing, and plan on doing in the future.
Things vary by OS, which is something to consider if you're going to
have end-users running your application servers, but not so much if
you're offering a service, for example, or are fine specifying OS
requirements and what have you.

Den*

