One could always use ipchains/iptables or similar to prevent all access to port 8005.
Of course, the downside is you have to resort to kill to stop tomcat. Probably a better way to go is to write a new servlet which listens on a protected URL. The servlet would have manager privileges and could kick off the shutdown process. How to actually do this (and if it's feasible) would involve a nice dive into the source code.

Turner, John wrote:
> That's good, but that doesn't resolve a regular user having the ability to
> do a shutdown when logged in.
>
> John
>
>>-----Original Message-----
>>From: HAVENS,PETER (HP-Cupertino,ex3) [mailto:[EMAIL PROTECTED]]
>>Sent: Wednesday, September 11, 2002 2:12 PM
>>To: 'Tomcat Users List'
>>Subject: RE: Tomcat shutdown & security
>>
>>FYI,
>>
>>Yes tomcat does use a port to shutdown but it is a requirement that the port
>>be written to from the local host. That is if you try to open a socket and
>>write the shutdown command to it, Tomcat will only shutdown if this is done
>>from the same system that is running Tomcat. Try it.
>>
>>-Peter
>>
>>-----Original Message-----
>>From: Przemyslaw Wegrzyn [mailto:[EMAIL PROTECTED]]
>>Sent: Friday, September 06, 2002 1:22 PM
>>To: Tomcat Users List
>>Subject: RE: Tomcat shutdown & security
>>
>>On Fri, 2002-09-06 at 21:04, Turner, John wrote:
>>
>>>Very interesting. I hadn't investigated this scenario until now. I like
>>>your suggestion.
>>
>>Even more, I've checked what exactly goes there, and you can stop
>>default Tomcat installation by simply telnetting localhost 8005 and
>>typing SHUTDOWN from your console. Of course any user can do this.
>>IMHO It's not acceptable.
>>
>>-=Czaj-nick=-

--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
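
An added example, not part of the original thread or of Tomcat's own code: a small Python audit of the `<Server>` element in `conf/server.xml` that flags the shutdown listener discussed above. It assumes current Tomcat behaviour, where `port="-1"` disables the listener and the `address` attribute selects the bind address; the sample XML strings and finding names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples of the top-level element in conf/server.xml.
STOCK = '<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina"/></Server>'
CUSTOM = '<Server port="8005" shutdown="constructed-secret-string" address="0.0.0.0"/>'
DISABLED = '<Server port="-1" shutdown="SHUTDOWN"/>'

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_shutdown_listener(server_xml):
    """Return {finding_id: explanation} for the <Server> shutdown listener."""
    root = ET.fromstring(server_xml)
    if root.tag != "Server":
        raise ValueError("root element is not <Server>")
    # Fall back to the stock values when an attribute is absent (assumption).
    port = root.get("port", "8005")
    command = root.get("shutdown", "SHUTDOWN")
    address = root.get("address", "localhost")

    if port == "-1":
        return {}  # listener disabled: stop Tomcat via signal or service manager

    findings = {
        "listener-enabled": f"shutdown listener on {address}:{port}; every local "
                            "account that can open a socket can reach it"
    }
    if command == "SHUTDOWN":
        findings["default-command"] = "shutdown string is the well-known default"
    if address not in LOOPBACK:
        findings["non-loopback"] = f"listener bound to {address}, not loopback"
    return findings


if __name__ == "__main__":
    for name, xml in (("stock", STOCK), ("custom", CUSTOM), ("disabled", DISABLED)):
        print(name, sorted(audit_shutdown_listener(xml)))
```
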
