> From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov] > Subject: RE: server.xml shutdown port command string
> If I am the only person deploying web apps (that I have developed), should I > still consider changing this command string value to something more complex? Only if untrusted users have access to the machine Tomcat is running on or misguided security policies dictate that you must. If you're in a paranoid environment, just disable the shutdown port. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org