You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Andrey Kartashov <an...@sonatainc.com> on 2001/05/13 00:11:57 UTC
[PATCH] Secure defaults in server.xml + support for "multihomed" machines
This patch is a result of our previous discussion with Henry about making
more secure default bindings in "server.xml".
Summary of changes:
src/etc/server.xml:
Added address="127.0.0.1" parameter to Ajp interceptors that should make
them bind to "localhost" by default (At the very least someone won't be
able to shutdown a server remotly now)
src/share/org/apache/tomcat/modules/server/Ajp12Interceptor.java:
Fixed to make it print IP into conf/ajp12.id in all the cases
( address.toString() does not always work the way we need here)
src/share/org/apache/tomcat/util/IntrospectionUtils.java:
Added support for method setXXX( InetAddress ) which is needed to do
all the stuff described above.
src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java:
Fixed to make work properly when bound to interface other than "localhost"
Attached please find diff.txt with all this changes.
Diff is made using "cvs diff" against current state of jakarta-tomcat CVS
repository.
Please let me know what you think:)
--
oo Andrey
oo
oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
"All mail clients suck. This one just sucks less."
-- http://www.mutt.org/ Jeremy Blosser
oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo