Embedthis Appweb™ Internals
The core of Appweb is an event-driven, multi-threaded HTTP pipeline above which modules are loaded to provide content specific handling and to extend its functionality.
Appweb has the following features:
- High performance event based request engine.
- Multi-threaded core for sync and async processing.
- Modular architecture with dynamic module loading.
- Garbage collector based memory allocator provides fast allocations and eliminates memory leaks.
- Portable runtime layer to isolate platform dependencies.
- Sandboxing to limit resource consumption for more robust operation.
- Safe programming layer to prevent buffer overrun exploits.
- Apache compatible configuration.
- Extensive logging and debug trace.
Appweb has an efficient, zero-copy request bidirectional pipeline to process requests and generate responses. This consists of a mechanism of queues, packets, buffering and event scheduling. The pipeline architecture is highly optimized and supports the efficient transmission of data without copying. It uses sendfile, async I/O and vectored, scatter/gather writes to the network to avoid the costly aggregation of data and headers in a single buffer before writing to the network.
Most web servers have become gradually become more secure by a painful process of patching. Developing a web server to be secure by design from the inception is much easier than trying to graft-on security after the fact. Securing embedded web servers is even more difficult than enterprise web servers , as it must be done without increasing memory footprint or degrading performance.
Embedthis Portable Runtime (MPR)
Appweb has been designed to be secure from the foundation up by using a Portable Runtime (MPR). The MPR is a cross-platform layer that permits over 97% of the Appweb code to be portable. It includes many mechanisms to assist in the creation of secure application. One such facility is a safe string and buffer handling module to help eliminate buffer overflows that have plagued many products.
Appweb closely controls its use of system resources via a technique known as "sandboxing". This means running the web server within tightly controlled limits so that request errors will not compromise system operation. Appweb has also been hardened against several common denial of service attacks.
Appweb can be configured to:
- Preallocate memory and not grow beyond predefined memory limits
- Reject requests that are too large
- Reject URLs that are too long
- Run single-threaded or use a limited pool of reusable threads to service requests
- Be run by a designated user account or user group
To build on this foundation, Appweb also provides a Secure Sockets Layer and Digest authentication.
To learn more about Appweb, please read: