https://issues.apache.org/bugzilla/show_bug.cgi?id=55675
Bug ID: 55675 Summary: Checking and handling invalid configuration option values Product: Tomcat 8 Version: trunk Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: racezh...@gmail.com Hi all, I was using Tomcat for a while, but found Tomcat sometimes does not handle misconfiguration well, which causes unnecessary confusion. Specifically, when users provide a wrong configuration option and Tomcat produces a wrong result (or crashes), Tomcat should explicitly dump error message pointing to the mis-configured option, rather than just dumping stack traces, or simply restoring to the default behavior. At least, the invalid configuration values should be logged. Strictly speaking, this may not be a bug, but (I think) it is definitely worth improving to give better user experience. I have found many places in Tomcat. Here is a very simple case for illustration purpose (I have more complex examples, which I can post if they are of general interest): In McastService.java public long getDropTime() { String p = properties.getProperty("memberDropTime"); return new Long(p).longValue(); } If a careless user uses "1o" (not 0) as the value of configuration option: "memberDropTime", Tomcat will throw an exception when parsing this string. Similar cases occur to me a few times; often, the effect of a misconfigured option propagates through the program and causes some *delayed* problem, making it even harder to localize the original misconfigured option. I would suggest to add timely check immediate after reading a configuration option value. For the above case, check whether p is a long value or not, and also checking its permitted ranges. (yes, many places in Tomcat do this, but still many places like the above case miss the checking). I would like Tomcat to explicitly warn the user (or at least log) which option is misconfigured rather than delaying the effect until the program crashes. I found a couple of such places. and wondering whether Tomcat developers would like to know them, and how do you think about such "mis-handling"? Thanks -Sai -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org