DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40947>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40947 Summary: Stopping the server should not rely on passing a string to a port on localhost. Product: Tomcat 6 Version: 6.0.0 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] Heya Folks, The process to stop the server currently passes a string ("SHUTDOWN" by default) to a port ("8005" by default) on the localhost. This is a security hole, since anyone with access to the machine can thus shutdown the server. Yes, i know it's possible to prevent users access to the machine, change the port and string, setup firewall rules to prevent access to the port. But that's all working around the real problem. We really need a new less insecure way to stop the server. Mazzel, Martijn. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
