RE: *** Ordinary users can kill the tomcat server? ***

The execute() method
of the org.apache.tomcat.task.StopTomcat class first does a scan of the
localhost for a valid Ajp12 connector to determine the port number.  So I
imagine it is possible to use a port other than 8007.  You just need to tell
Apache that somehow I guess.

I guess the moral of this story is: don't put the Tomcat server on the
public shell server!  But I guess you should be doing this anyway.

- Arcadio

----- Original Message -----
From: Cox, Charlie
To: '[EMAIL PROTECTED]'
Sent: Thursday, May 24, 2001 8:22 AM
Subject: RE: *** Ordinary users can kill the tomcat server? ***


This is definitely a problem, but you can minimize this problem by
restricting access to port 8007 to the local machine in the server.xml by
adding:
        <Parameter name="inet" value="127.0.0.1"/>
Then you can control who has access to the production machine.
This should definitely be added to the documentation to recommend using the
'inet' parameter to prevent anyone from connecting to your machine and
issuing a shutdown.
Is it possible to change the default port (8007) where someone would have to
view the config files to find the AJP12 port? Does shutdown refer to
server.xml to get the port number?
Charlie
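
An added example, not part of the original thread: a small audit that reads a server.xml and reports every AJP12 connector that lacks the 'inet' restriction discussed above. The surrounding <Connector> layout, the second port (8017) and the function names are assumptions made for illustration; only the inet Parameter line and port 8007 come from the thread.

```python
import ipaddress
import xml.etree.ElementTree as ET

AJP12_HANDLER = "Ajp12ConnectionHandler"

# Constructed sample input. The <Connector> layout is assumed; adjust the
# element names if your server.xml differs.
SAMPLE_SERVER_XML = """
<Server><ContextManager>
  <Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
      value="org.apache.tomcat.service.connector.Ajp12ConnectionHandler"/>
    <Parameter name="port" value="8007"/>
  </Connector>
  <Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
      value="org.apache.tomcat.service.connector.Ajp12ConnectionHandler"/>
    <Parameter name="port" value="8017"/>
    <Parameter name="inet" value="127.0.0.1"/>
  </Connector>
</ContextManager></Server>
"""

def is_loopback(value):
    """True only for a literal loopback IP; hostnames are not trusted."""
    try:
        return ipaddress.ip_address(value.strip()).is_loopback
    except ValueError:
        return False

def audit_ajp12(xml_text):
    """Return (port, inet, status) for each AJP12 connector found."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        params = {p.get("name"): p.get("value", "")
                  for p in conn.findall("Parameter")}
        if not params.get("handler", "").endswith(AJP12_HANDLER):
            continue  # not an AJP12 connector
        inet = params.get("inet")
        if inet is None:
            status = "EXPOSED"   # no inet restriction configured
        elif is_loopback(inet):
            status = "OK"        # restricted to the local machine
        else:
            status = "REVIEW"    # bound to a specific non-loopback address
        findings.append((params.get("port"), inet, status))
    return findings

if __name__ == "__main__":
    for port, inet, status in audit_ajp12(SAMPLE_SERVER_XML):
        print(f"AJP12 port={port} inet={inet} -> {status}")
```

An "OK" result only means remote hosts cannot reach the connector; users with a shell on the same machine can still connect over loopback, which is the concern raised in the reply at the top of the thread.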

