FYI, Yes tomcat does use a port to shutdown but it is a requirement that the port be written to from the local host. That is if you try to open a socket and write the shutdown command to it, Tomcat will only shutdown if this is done from the same system that is running Tomcat. Try it.
-Peter -----Original Message----- From: Przemyslaw Wegrzyn [mailto:[EMAIL PROTECTED]] Sent: Friday, September 06, 2002 1:22 PM To: Tomcat Users List Subject: RE: Tomcat shutdown & security On Fri, 2002-09-06 at 21:04, Turner, John wrote: > > Very interesting. I hadn't investigated this scenario until now. I like > your suggestion. Even more, I've checked what exactly goes there, and you can stop default Tomcat installation by simply telneting localhost 8005 and typing SHUTDOW from your console. Of course any user can do this. IMHO It's not acceptable. -=Czaj-nick=- -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
