Roshan,
This assumes ...
The user has access to log onto the machine.
The user has access to read the server.xml file to find out what the shutdown command.
assuming you havn't changed the shutdown command to something less predictable
You may wish to set it to something else.
Of course if you know a better way ?
David
"NAIK,ROSHAN
(HP-Cupertino,ex1To: "'[EMAIL PROTECTED]'" <[EMAIL
PROTECTED]>
)" cc:
<[EMAIL PROTECTED]Subject: Tomcat shutdown port and
security
om>
05/08/2003 02:14
Please respond to
"Tomcat
Developers List"
Given that _anybody_ on the local machine could simply telnet to the
port and issue a "SHUTDOWN" command. Isnt the current shutdown mechanism in
Tomcat 4 a security issue ?
-- Roshan
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
This e-mail may contain confidential and/or privileged information. If you are not the
intended recipient (or have received this e-mail in error) please notify the sender
immediately and destroy this e-mail. Any unauthorized copying, disclosure or
distribution of the material in this e-mail is strictly forbidden.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]