On 12/28/2018 7:07 AM, Christopher Schultz wrote:

Hash: SHA256


Someone asked this question on SO recently:

TLDR: this person wants to set system properties in but be able to "override" those from the command-lin

The fix would be trivial: just don't clobber the value of any existing
system property in CatalinaProperties when copying the properties from
the file to the live system properties.

I'm wondering if anyone can think of any security issues with doing
that. Presumably, if a user can launch Tomcat, they can set system
properties. However, it's possible that a user might have the right to
*launch* Tomcat, but not reconfigure it (e.g. read-only

That could easily be solved by using a
setting like "" or
something like that.

How about adding an optional file named "", which will be read before "", and whose values will be set only if no corresponding keys are set in System properties?  e.g.

# file

Can be overridden with ``, but

# file

Can not be overridden, as it is now.

Users will know that if they place a value in the default file, it could be overridden with a System property.

This should be fairly simple and I can implement it if it sounds like a good idea.


To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to