-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André,
On 2/19/2010 5:45 AM, André Warnier wrote: > - Since address 127.0.0.1 is the "local loopback" address on any host, a > process can only connect to it from the local host, and from nowhere else. Yes, but things like SSH tunnels can be used to allow a remote client to perform a shutdown. Any local user on the server can shut down Tomcat if they know the shutdown "command" (which defaults to "SHUTDOWN") and the port on which Tomcat is listening. Many folks choose to disable the SHUTDOWN command entirely and require that Tomcat be shut down using an OS signal, which can be restricted to the owner of the Tomcat process (and root, of course). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkt+sd0ACgkQ9CaO5/Lv0PDRAgCfYeNlvVhtWK5EYMiFg6ST/9i7 ZggAnRG3JR+uargC8Xcb91Wlp2ylS/Hr =12jy -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org