You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Frank Parato <Fr...@liz.com> on 2005/01/12 13:55:18 UTC
Shutdown port
Is there a way to remove the shutdown port on a server ? I tried
pulling the "port=8005" option out, but it still listens on that port
and I'm able to shut it down.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Shutdown port
Posted by Rajaneesh <ra...@slk-soft.com>.
Hey!
I had a question! Can you shutdown the machine by typing
http://localhost:8005 in the browser?
I thought this was disabled in the Tomcat version 4 onwards?
Regards
Rajaneesh
-----Original Message-----
From: Ben Ricker [mailto:bricker@brick.net]
Sent: Thursday, January 13, 2005 4:44 AM
To: Tomcat Users List
Subject: Re: Shutdown port
For an extra bit of security,replace "SHUTDOWN" with some sort of long,
random string and then lock down the server.xml to 640. Someone who
gains, or already has access to the box can shut it down the other way.
Ben Ricker
On Jan 12, 2005, at 6:55 AM, Frank Parato wrote:
>
> Is there a way to remove the shutdown port on a server ? I tried
> pulling the "port=8005" option out, but it still listens on that port
> and I'm able to shut it down.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Shutdown port
Posted by Ben Ricker <br...@brick.net>.
For an extra bit of security,replace "SHUTDOWN" with some sort of long,
random string and then lock down the server.xml to 640. Someone who
gains, or already has access to the box can shut it down the other way.
Ben Ricker
On Jan 12, 2005, at 6:55 AM, Frank Parato wrote:
>
> Is there a way to remove the shutdown port on a server ? I tried
> pulling the "port=8005" option out, but it still listens on that port
> and I'm able to shut it down.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Shutdown port
Posted by David Smith <dn...@cornell.edu>.
From what I understand from other postings, no. However, the shutdown
port is bound to the localhost interface so only a connection from
127.0.0.1 will work. Joe Schmoe client out in internet land can't
shutdown your tomcat service.
--David
Frank Parato wrote:
>Is there a way to remove the shutdown port on a server ? I tried
>pulling the "port=8005" option out, but it still listens on that port
>and I'm able to shut it down.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org