"Pier P. Fumagalli" wrote:
>
> Justin Erenkrantz at [EMAIL PROTECTED] wrote:
>
> > On Tue, Aug 21, 2001 at 06:51:52PM -0000, [EMAIL PROTECTED] wrote:
> >> craigmcc 01/08/21 11:51:52
> >>
> >> Modified: catalina/src/share/org/apache/catalina/core
> >> StandardServer.java
> >> Log:
> >> Fix for a DoS attack against the shutdown port, that could cause an "out
> >> of memory" exception by sending a continuous stream of characters. Now,
> >> Tomcat will only listen for enough characters to match or not-match the
> >> required password, then it shuts the port.
> >
> > Now I'll know exactly how long the shutdown password is. =-) -- justin
>
> Good point... :(
>
> Pier
It is a good point. Might I suggest shutting it off at an arbitrary
limit instead ... say, 100 characters?
- Christopher
