In a secure environment, you should also change the shutdown password (in the <Server> element), and make server.xml readable only by the username under which Tomcat is running.
Of course, a malicious developer with the right to update webapps can cause you grief. Consider the following JSP page: <% System.exit(0); %> To solve that, read up on running Tomcat under a security manager. Craig On Wed, 11 Sep 2002, HAVENS,PETER (HP-Cupertino,ex3) wrote: > Date: Wed, 11 Sep 2002 14:12:05 -0400 > From: "HAVENS,PETER (HP-Cupertino,ex3)" <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: 'Tomcat Users List' <[EMAIL PROTECTED]> > Subject: RE: Tomcat shutdown & security > > FYI, > > Yes tomcat does use a port to shutdown but it is a requirement that the port > be written to from the local host. That is if you try to open a socket and > write the shutdown command to it, Tomcat will only shutdown if this is done > from the same system that is running Tomcat. Try it. > > -Peter > > -----Original Message----- > From: Przemyslaw Wegrzyn [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 06, 2002 1:22 PM > To: Tomcat Users List > Subject: RE: Tomcat shutdown & security > > On Fri, 2002-09-06 at 21:04, Turner, John wrote: > > > > Very interesting. I hadn't investigated this scenario until now. I like > > your suggestion. > > Even more, I've checked what exactly goes there, and you can stop > default Tomcat installation by simply telneting localhost 8005 and > typing SHUTDOW from your console. Of course any user can do this. > IMHO It's not acceptable. > > -=Czaj-nick=- > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
