Large flame war occurred People disagreed greatly Re-live on archive -Tim
mech wrote:
I have a question because my tomcat is running on a solaris machine. I'm
not the admin.
I know it's easily possible to connect to that server pc for lot's of
people.
So I tried to use rlogin myself, telnet localhost 8005, say SHUTDOWN and
down was the server. Unfortunately anyone else could have done it, too.
Except changing the "SHUTDOWN" command to something more secret and
preventing server.xml from reading, i have no idea how to prevent
shutdown, because I don't think it'll be possible to prevent other users
from rlogin to this server machine.
My questions (maybe not all are equally reasonable, but at least I want
to get an idea about several options):
1. Is it possible to disable the listener at port 8005 completely?
2. Except the file permissions and changing the SHUTDOWN command, is
there any other way on solaris to prohibid telnet localhost 8005 in any
way for users (a bit unix specific, i know)
3. If I change the SHUTDOWN command to something else, will I still be
able to use shutdown.sh? I mean what mechanismn does the shutdown.sh use? Is it mainly doing
tcp/ip and sending this command, then I suggest I would have to change
the shutdown.sh to use the new secret word. If yes, how to do it?
Thanks
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
