That's good, but that doesn't resolve a regular user having the ability to do a shutdown when logged in.
John > -----Original Message----- > From: HAVENS,PETER (HP-Cupertino,ex3) [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 11, 2002 2:12 PM > To: 'Tomcat Users List' > Subject: RE: Tomcat shutdown & security > > > FYI, > > Yes tomcat does use a port to shutdown but it is a > requirement that the port > be written to from the local host. That is if you try to > open a socket and > write the shutdown command to it, Tomcat will only shutdown > if this is done > from the same system that is running Tomcat. Try it. > > -Peter > > -----Original Message----- > From: Przemyslaw Wegrzyn [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 06, 2002 1:22 PM > To: Tomcat Users List > Subject: RE: Tomcat shutdown & security > > On Fri, 2002-09-06 at 21:04, Turner, John wrote: > > > > Very interesting. I hadn't investigated this scenario > until now. I like > > your suggestion. > > Even more, I've checked what exactly goes there, and you can stop > default Tomcat installation by simply telneting localhost 8005 and > typing SHUTDOW from your console. Of course any user can do this. > IMHO It's not acceptable. > > -=Czaj-nick=- > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>