Posted to dev@tomcat.apache.org by Andrey Kartashov <an...@sonatainc.com> on 2001/05/13 00:11:57 UTC

[PATCH] Secure defaults in server.xml + support for "multihomed" machines

This patch is a result of our previous discussion with Henry about making
more secure default bindings in "server.xml".

Summary of changes:
src/etc/server.xml:
	Added address="127.0.0.1" parameter to Ajp interceptors that should make
	them bind to "localhost" by default (at the very least someone won't be
	able to shut down a server remotely now)

src/share/org/apache/tomcat/modules/server/Ajp12Interceptor.java:
	Fixed to make it print IP into conf/ajp12.id in all the cases
	( address.toString() does not always work the way we need here)

src/share/org/apache/tomcat/util/IntrospectionUtils.java:
	Added support for method setXXX( InetAddress ) which is needed to do
	all the stuff described above.

src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java:
	Fixed to make it work properly when bound to an interface other than "localhost"


Attached please find diff.txt with all these changes.
Diff is made using "cvs diff" against current state of jakarta-tomcat CVS
repository.

Please let me know what you think:)

-- 
oo Andrey
oo
oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
"All mail clients suck. This one just sucks less."
           -- http://www.mutt.org/  Jeremy Blosser
oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
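
The three mechanisms the summary names (a string attribute mapped onto a setXXX(InetAddress) method, a listener bound to the loopback address, and writing the bound IP without relying on toString()), as an added example that is not part of the patch or of Tomcat's code. LoopbackBindDemo, DemoConnector and setProperty are hypothetical names used only for this illustration.

```java
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.ServerSocket;

public class LoopbackBindDemo {
    // Hypothetical connector standing in for an interceptor with an address attribute.
    public static class DemoConnector {
        private InetAddress address;   // null means "listen on all interfaces"
        private int port;
        public void setAddress(InetAddress a) { this.address = a; }
        public void setPort(int p) { this.port = p; }
        public ServerSocket open() throws Exception {
            // A null bind address makes ServerSocket use the wildcard address.
            return new ServerSocket(port, 50, address);
        }
    }

    // Simplified attribute-to-setter mapping: find setXxx(oneArg) and convert the string value.
    static void setProperty(Object target, String name, String value) throws Exception {
        String setter = "set" + Character.toUpperCase(name.charAt(0)) + name.substring(1);
        for (Method m : target.getClass().getMethods()) {
            if (!m.getName().equals(setter) || m.getParameterTypes().length != 1) continue;
            Class<?> type = m.getParameterTypes()[0];
            if (type == String.class) { m.invoke(target, value); return; }
            if (type == int.class) { m.invoke(target, Integer.valueOf(value)); return; }
            if (type == InetAddress.class) { m.invoke(target, InetAddress.getByName(value)); return; }
        }
        throw new IllegalArgumentException("no usable setter for " + name);
    }

    public static void main(String[] args) throws Exception {
        DemoConnector local = new DemoConnector();
        setProperty(local, "address", "127.0.0.1");   // the default the patch proposes
        setProperty(local, "port", "0");              // 0 = any free port, for the demo
        try (ServerSocket s = local.open()) {
            InetAddress bound = s.getInetAddress();
            System.out.println("loopback only:    " + bound.isLoopbackAddress());
            // toString() is "hostname/literal-IP", so it is not a clean IP for an id file.
            System.out.println("toString():       " + bound);
            System.out.println("getHostAddress(): " + bound.getHostAddress());
        }
        DemoConnector open = new DemoConnector();     // no address attribute set
        setProperty(open, "port", "0");
        try (ServerSocket s = open.open()) {
            System.out.println("wildcard bind:    " + s.getInetAddress().isAnyLocalAddress());
        }
    }
}
```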