Roshan, This assumes ... The user has access to log onto the machine. The user has access to read the server.xml file to find out what the shutdown command. assuming you havn't changed the shutdown command to something less predictable You may wish to set it to something else.
Of course if you know a better way ? David "NAIK,ROSHAN (HP-Cupertino,ex1 To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> )" cc: <[EMAIL PROTECTED] Subject: Tomcat shutdown port and security om> 05/08/2003 02:14 Please respond to "Tomcat Developers List" Given that _anybody_ on the local machine could simply telnet to the port and issue a "SHUTDOWN" command. Isnt the current shutdown mechanism in Tomcat 4 a security issue ? -- Roshan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]