DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40947>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40947 ------- Additional Comments From [EMAIL PROTECTED] 2006-12-14 10:39 ------- The subject was that you felt that using a port and reading a string to shutdown tomcat was insecure. My point was that you don't have to rely on that mechanism - there are other mechanisms already available to you. If you are uncomfortable with the shutdown port, you can disable it in your installation and use a method you think is more secure. In either case, if you want to disable the shutdown port, *and* have Tomcat work as a "system service" either on Linux/Unix or Windows, some custom work will be required on your part. For Linux, you'll have to adjust the startup script to kill tomcat instead of invoking its "stop" command. On Windows, there may be an issue because the default service stop/start defaults to using PROCRUN to invoke the Catalina stop() entry point which simply sends a string to the shutdown port. Perhaps a custom shutdown script can be whipped up to send a CTRL-BREAK to the process instead, and have the service invoke that for stopping the process (this may require some development work). On second thought, I think this may be a valid enhancement request for the future - a more reliable semi-secure mechanism so that only the process owner or the administrator can shut the process down. Martin: perhaps you can create a separate enhancement request for this? But it's definitely not a very high priority - for most environments, this isn't an issue, and for the few where it is (shared Linux environments in schools, etc.), it's possible to hand-tweak the init scripts and server.xml to not use the shutdown port at all. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
