Chuck,
On 4/17/13 11:34 PM, Caldarale, Charles R wrote:
>> From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov]
>> Subject: RE: server.xml shutdown port command string
>
>> If I am the only person deploying web apps (that I have
>> developed), should I still consider changing this command string
>> value to something more complex?
>
> Only if untrusted users have access to the machine Tomcat is
> running on or misguided security policies dictate that you must.
> If you're in a paranoid environment, just disable the shutdown
> port.

If an attacker is on your box, you are pretty much toast already, so changing the "shutdown password" doesn't really do much. It protects against a non-privileged user connecting to a fairly well-known port (default=8005) and issuing a fairly well-known command ("SHUTDOWN") to take down your server.

By default, Tomcat's server.xml is not readable by anyone other than the user who unzipped the archive. It's not unusual to see that file set to world-readable, though. In the case that the file is *not* world-readable, changing the password can still keep an unprivileged user from trivially taking down your service. Obviously, if the file is not protected in this way, the password is no protection at all.

If the attacker is logged in as the Tomcat user, you can't stop them from shutting down Tomcat of course: they can just run bin/shutdown.sh. If the shutdown port is completely disabled, they can just run "kill [pid]". The same is true of any privileged user.
-chris
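The three conditions Chris walks through (shutdown port disabled with port="-1", the well-known default command string, and a world-readable server.xml) as an added audit script; this is not code from the thread or from Tomcat, and the two sample server.xml files are constructed here to exercise it.

```shell
#!/bin/sh
# Audit a Tomcat server.xml for the shutdown-port exposure discussed above.
# Only the <Server port="..." shutdown="..."> element is inspected.

# Value of the shutdown attribute on the <Server> element (the "password").
shutdown_string() {
    sed -n 's/.*<Server[^>]*shutdown="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Value of the port attribute on the <Server> element; -1 means disabled.
shutdown_port() {
    sed -n 's/.*<Server[^>]*port="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# True when "others" may read the file: 8th character of ls -l is the o+r bit.
world_readable() {
    [ "$(ls -l "$1" | cut -c8)" = "r" ]
}

# Exit 0 when the port is disabled or nothing is wrong, exit 1 with findings
# when the port is open and the string is the default and/or the file is readable.
audit_server_xml() {
    file="$1"
    port=$(shutdown_port "$file")
    cmd=$(shutdown_string "$file")
    if [ "$port" = "-1" ]; then
        echo "$file: shutdown port disabled (only bin/shutdown.sh or kill can stop Tomcat)"
        return 0
    fi
    findings=""
    [ "$cmd" = "SHUTDOWN" ] && findings="$findings default-shutdown-string"
    world_readable "$file" && findings="$findings world-readable-server.xml"
    if [ -n "$findings" ]; then
        echo "$file: shutdown port $port open, findings:$findings"
        return 1
    fi
    echo "$file: shutdown port $port open, non-default string, file not world-readable"
    return 0
}

# Constructed samples: the stock default element and a hardened variant.
tmp=$(mktemp -d)
printf '<?xml version="1.0" encoding="UTF-8"?>\n<Server port="8005" shutdown="SHUTDOWN">\n  <Service name="Catalina"/>\n</Server>\n' > "$tmp/default-server.xml"
chmod 644 "$tmp/default-server.xml"
printf '<?xml version="1.0" encoding="UTF-8"?>\n<Server port="-1" shutdown="SHUTDOWN">\n  <Service name="Catalina"/>\n</Server>\n' > "$tmp/hardened-server.xml"
chmod 600 "$tmp/hardened-server.xml"

audit_server_xml "$tmp/default-server.xml"
audit_server_xml "$tmp/hardened-server.xml"
```

Point the audit at `$CATALINA_BASE/conf/server.xml` on a real install; the samples are only there so the script runs offline.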