zhxy/http服务器/appweb-4.3.4-0/doc/guide/appweb/internals.html

166 lines
9.2 KiB
HTML
Raw Blame History

<!-- BeginDsi "dsi/head.html" -->
<!DOCTYPE html>
<html lang="en">
<head>
<title>Embedthis Appweb 4.3.4 Documentation</title>
<meta name="keywords" content="embedded web server, web server software, embedded HTTP, application web server,
embedded server, small web server, HTTP server, library web server, library HTTP, HTTP library" />
<meta name="description" content="Embedthis Sofware provides commercial and open source embedded web servers for
devices and applications." />
<meta name="robots" content="index,follow" />
<link href="../../doc.css" rel="stylesheet" type="text/css" />
<link href="../../print.css" rel="stylesheet" type="text/css" media="print"/>
<!--[if IE]>
<link href="../../iehacks.css" rel="stylesheet" type="text/css" />
<![endif]-->
<link href="http://www.google.com/cse/style/look/default.css" type="text/css" rel="stylesheet" />
</head>
<body>
<div class="top">
<a class="logo" href="http://appwebserver.org/">&nbsp;</a>
<div class="topRight">
<div class="search">
<div id="cse-search-form"></div>
<div class="version">Embedthis Appweb 4.3.4</div>
</div>
</div>
<div class="crumbs">
<a href="../../index.html">Home</a>
<!-- EndDsi -->
&gt; <b>Internals Overview</b>
</div>
</div>
<div class="content">
<div class="contentRight">
<h1>Quick Nav</h1>
<ul>
<li><a href="#pipeline">Request Pipeline</a></li>
<li><a href="#security">Security</a></li>
<li><a href="#mpr">MPR</a></li>
<li><a href="#security">Security</a></li>
<li><a href="#sandboxing">Sandboxing</a></li>
<li><a href="#more">Want More?</a></li>
</ul>
<!-- BeginDsi "dsi/genSeeAlso.html" -->
<h1>See Also</h1>
<ul class="nav">
<li><a href="../../guide/appweb/overview.html">Appweb Overview</a></li>
<li><a href="../../guide/appweb/features.html">Appweb Features</a></li>
<li><a href="../../product/releaseNotes.html">Release Notes</a></li>
<li><a href="../../product/changeLog.html">Change Log</a></li>
<li><a href="../../product/roadmap.html">Roadmap</a></li>
<li><a href="../../product/compatibility.html">Compatibility</a></li>
<li><a href="../../licenses/index.html">Licensing</a></li>
<li><a href="../../product/install/index.html">Installation Overview</a></li>
<li><a href="../../guide/appweb/users/gettingStarted.html">Getting Started</a></li>
<li><a href="../../guide/appweb/users/index.html">Users Guide</a></li>
<li><a href="../../product/project.html">Project Resources</a></li>
</ul>
<!-- EndDsi -->
</div>
<div class="contentLeft">
<h1>Embedthis Appweb&trade; Internals</h1>
<p>The core of Appweb is an event-driven, multi-threaded HTTP pipeline above which modules are loaded to
provide content specific handling and to extend its functionality.</p>
<p><img src="../../images/modules.jpg" alt="modules" /></p>
<p>Appweb has the following features:</p>
<ul>
<li>High performance event based request engine.</li>
<li>Multi-threaded core for sync and async processing.</li>
<li>Modular architecture with dynamic module loading.</li>
<li>Garbage collector based memory allocator provides fast allocations and eliminates memory leaks.</li>
<li>Portable runtime layer to isolate platform dependencies.</li>
<li>Sandboxing to limit resource consumption for more robust operation.</li>
<li>Safe programming layer to prevent buffer overrun exploits.</li>
<li>Apache compatible configuration.</li>
<li>Extensive logging and debug trace.</li>
</ul>
<a id="pipeline"></a>
<h2>Request Pipeline</h2>
<p>Appweb has an efficient, zero-copy request bidirectional pipeline to process requests and generate
responses. This consists of a mechanism of queues, packets, buffering and event scheduling. The pipeline
architecture is highly optimized and supports the efficient transmission of data without copying. It uses
sendfile, async I/O and vectored, scatter/gather writes to the network to avoid the costly aggregation of
data and headers in a single buffer before writing to the network. <img src="../../images/pipeline.jpg"
alt="pipeline" />
<a id="security"></a></p>
<h2 class="section">Security</h2>
<p>Most web servers have become gradually become more secure by a painful process of patching.
Developing a web server to be secure by design from the inception is much easier than trying to
graft-on security after the fact. Securing embedded web servers is even more difficult than enterprise web
servers , as it must be done without increasing memory footprint or degrading performance.</p>
<a id="mpr"></a>
<h2>Embedthis Portable Runtime (MPR)</h2>
<p>Appweb has been designed to be secure from the foundation up by using a Portable Runtime (MPR). The MPR
is a cross-platform layer that permits over 97% of the Appweb code to be portable. It includes many
mechanisms to assist in the creation of secure application. One such facility is a safe string and buffer
handling module to help eliminate buffer overflows that have plagued many products.</p>
<a id="sandboxing"></a>
<h2>Sandboxing</h2>
<p>Appweb closely controls its use of system resources via a technique known as "sandboxing". This means
running the web server within tightly controlled limits so that request errors will not compromise system
operation. Appweb has also been hardened against several common denial of service attacks.</p>
<p>Appweb can be configured to:</p>
<ul>
<li>Preallocate memory and not grow beyond predefined memory limits</li>
<li>Reject requests that are too large</li>
<li>Reject URLs that are too long</li>
<li>Run single-threaded or use a limited pool of reusable threads to service requests</li>
<li>Be run by a designated user account or user group</li>
</ul>
<p>To build on this foundation, Appweb also provides a Secure Sockets Layer and Digest
authentication.</p>
<a id="more"></a>
<h2 class="section">Want More?</h2>
<p>To learn more about Appweb, please read:</p>
<ul>
<li><a href="overview.html">Appweb Overview</a></li>
<li><a href="goals.html">Appweb Design Goals</a></li>
<li><a href="uses.html">Appweb Target Uses</a></li>
<li><a href="../../ref/appweb/architecture.html">Appweb Architecture</a></li>
<li><a href="http://appwebserver.org">Appweb Web Site</a></li>
<li><a href="http://appwebserver.org/downloads/appweb/download.ejs">Appweb Download</a></li>
<li><a href="http://appwebserver.org/forum/">Appweb Support Forum</a></li>
<li><a href="http://embedthis.com">Embedthis Web Site for Commercial Licenses and Support</a></li>
<li><a href="../../index.html">Appweb Documentation</a></li>
</ul>
</div>
</div>
<!-- BeginDsi "dsi/bottom.html" -->
<div class="bottom">
<p class="footnote">
<a href="../../product/copyright.html" >&copy; Embedthis Software LLC, 2003-2013.
All rights reserved. Embedthis, Appweb, ESP, Ejscript and Embedthis GoAhead are trademarks of Embedthis Software LLC.</a>
</p>
</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1', {language : 'en'});
google.setOnLoadCallback(function() {
var customSearchControl = new google.search.CustomSearchControl(
'000262706376373952077:1hs0lhenihk');
customSearchControl.setResultSetSize(google.search.Search.FILTERED_CSE_RESULTSET);
var options = new google.search.DrawOptions();
options.enableSearchboxOnly("http://appwebserver.org/search.html");
customSearchControl.draw('cse-search-form', options);
}, true);
</script>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-179169-2']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink