FW: server port and shutdown

2004-08-19 Thread Diego, Emil 
You could just install a firewall, like firestarter and then block that port so nobody 
can connect to it.


Emil Diego
Website Administrator
University of Miami School of Business
305.284.5449


-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 19, 2004 9:10 AM
To: Tomcat Users List
Subject: RE: server port and shutdown


Hi,
There's no way to turn this off, it's a basic and essential Tomcat function.  You can 
change the port and SHUTDOWN command itself to something your users wouldn't know.

Yoav Shapira
Millennium Research Informatics


-Original Message-
From: Mats Henrikson [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 19, 2004 7:26 AM
To: Tomcat User
Subject: server port and shutdown

Hi,

I have searched through the archives and the docs for this, but can't 
find anything relevant.

I am running Tomcat 4.1.30 on a multiuser system. Because there are 
quite a few users on the system I would like to disable the server 
shutdown port, as it is trivial for any of the other users to telnet 
there and type SHUTDOWN.

I tried just leaving the port and shutdown attributes out of the Server 
definition element, but that didn't seem to have any effect, it seemed 
to just listen on the default port 8005 for the default command
SHUTDOWN
as usual.

Surely there is some way to turn this off, or maybe some other to 
protect it from malicious users?

Regards,

Mats


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.736 / Virus Database: 490 - Release Date: 8/9/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.736 / Virus Database: 490 - Release Date: 8/9/2004
 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: FW: server port and shutdown

2004-08-19 Thread QM 
On Thu, Aug 19, 2004 at 09:12:03AM -0400, Diego, Emil wrote:
: You could just install a firewall, like firestarter and then block that port
: so nobody can connect to it.

That, and promise pain and suffering to any of your users you catch
doing this. 

Sometimes a technical issue requires a policy solution. =)

-QM

-- 

software  -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: FW: server port and shutdown... off topic

2004-08-19 Thread John Villar 

Sometimes a technical issue requires a policy solution. =)
 

That's completely true almost every security issue nowadays involves 
someone doing (or not doing) *regularly* what (s)he isn't (or is) 
supossed to do, due to lack of policy on that matter.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]