Hi Igal,

I am not sure this is a good idea.
Usually .properties.default files are used as sample files. And one has to
rename them to .properties to make use of them.
IMO your suggestion will be confusing for people used to this approach.

Regards,
Martin

On Sat, Dec 29, 2018 at 2:11 AM Igal Sapir <isa...@apache.org> wrote:

> Chris,
>
> On 12/28/2018 7:07 AM, Christopher Schultz wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > All,
> >
> > Someone asked this question on SO recently:
> > https://stackoverflow.com/questions/53921375/tomcat-overriding-catalina-
> > properties-from-commandline/53952396#53952396
> >
> > TLDR: this person wants to set system properties in
> > catalina.properties but be able to "override" those from the command-lin
> > e.
> >
> > The fix would be trivial: just don't clobber the value of any existing
> > system property in CatalinaProperties when copying the properties from
> > the file to the live system properties.
> >
> > I'm wondering if anyone can think of any security issues with doing
> > that. Presumably, if a user can launch Tomcat, they can set system
> > properties. However, it's possible that a user might have the right to
> > *launch* Tomcat, but not reconfigure it (e.g. read-only
> > catalina.properties).
> >
> > That could easily be solved by using a catalina.properties-only
> > setting like "catalina.properties.noclobber.system.properties=true" or
> > something like that.
>
> How about adding an optional file named "catalina.properties.default",
> which will be read before "catalina.properties", and whose values will
> be set only if no corresponding keys are set in System properties?  e.g.
>
> # file catalina.properties.default
> tomcat.port=8080
>
> Can be overridden with `-Dtomcat.properties=8888`, but
>
> # file catalina.properties
> tomcat.host=localhost
>
> Can not be overridden, as it is now.
>
> Users will know that if they place a value in the default file, it could
> be overridden with a System property.
>
> This should be fairly simple and I can implement it if it sounds like a
> good idea.
>
> Igal
>
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Reply via email to