Posted to dev@tomcat.apache.org by GOMEZ Henri <hg...@slib.fr> on 2001/05/15 09:46:18 UTC

RE: [PATCH] Secure defaults in server.xml + support for "multihomed" machines

+1


>-----Original Message-----
>From: Andrey Kartashov [mailto:andrey.kartashov@sonatainc.com]
>Sent: Sunday, May 13, 2001 12:12 AM
>To: tomcat-dev@jakarta.apache.org
>Subject: [PATCH] Secure defaults in server.xml + support for
>"multihomed" machines
>
>
>
>This patch is a result of our previous discussion with Henry about making
>more secure default bindings in "server.xml".
>
>Summary of changes:
>src/etc/server.xml:
>	Added address="127.0.0.1" parameter to Ajp interceptors that should make
>	them bind to "localhost" by default (At the very least someone won't be
>	able to shut down a server remotely now)
>
>src/share/org/apache/tomcat/modules/server/Ajp12Interceptor.java:
>	Fixed to make it print IP into conf/ajp12.id in all the cases
>	( address.toString() does not always work the way we need here)
>
>src/share/org/apache/tomcat/util/IntrospectionUtils.java:
>	Added support for method setXXX( InetAddress ) which is needed to do
>	all the stuff described above.
>
>src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java:
>	Fixed to make it work properly when bound to interface other than "localhost"
>
>
>Attached please find diff.txt with all these changes.
>Diff is made using "cvs diff" against current state of jakarta-tomcat CVS
>repository.
>
>Please let me know what you think:)
>
>-- 
>oo Andrey
>oo
>oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
>"All mail clients suck. This one just sucks less."
>           -- http://www.mutt.org/  Jeremy Blosser
>oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
>
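
The default-binding change summarized in the quoted message can be checked from the configuration side. The following is an added example, not part of the original thread or of the Tomcat code base: it audits a server.xml for Ajp interceptors that are not bound to loopback. The element names, the sample file, and the behaviour when `address` is absent are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, not the project's real server.xml. Element names are
# assumed from the Ajp12Interceptor class named in the patch summary;
# SomeOtherInterceptor is hypothetical and only shows the filter at work.
SAMPLE_SERVER_XML = """
<Server>
  <ContextManager workDir="work">
    <SomeOtherInterceptor port="8080" />
    <Ajp12Interceptor port="8007" />
    <Ajp13Interceptor port="8009" address="127.0.0.1" />
    <Ajp13Interceptor port="8010" address="0.0.0.0" />
    <Ajp12Interceptor port="8011" address="192.0.2.10" />
  </ContextManager>
</Server>
"""


def classify_binding(address):
    """Describe how exposed a listener is, given its address attribute."""
    if address is None:
        # Assumption: no address attribute means listening on every interface.
        return "all-interfaces (no address attribute)"
    try:
        ip = ipaddress.ip_address(address.strip())
    except ValueError:
        # A name such as "localhost" depends on the resolver; do not trust it.
        return "hostname (check what it resolves to)"
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all-interfaces (wildcard)"
    return "specific-interface"


def audit_ajp_bindings(xml_text):
    """Return (element, port, verdict) for each Ajp interceptor off loopback."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if not (elem.tag.startswith("Ajp") and elem.tag.endswith("Interceptor")):
            continue
        verdict = classify_binding(elem.get("address"))
        if verdict != "loopback":
            findings.append((elem.tag, elem.get("port"), verdict))
    return findings


if __name__ == "__main__":
    for tag, port, verdict in audit_ajp_bindings(SAMPLE_SERVER_XML):
        print(f"{tag} port={port}: {verdict}")
```

A "specific-interface" result is not necessarily wrong on a multihomed machine; it marks a listener whose reachability should be confirmed against the network layout.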

Re: [PATCH] Secure defaults in server.xml + support for "multihomed" machines

Posted by Andrey Kartashov <an...@sonatainc.com>.
On Tue, May 15, 2001 at 09:46:18AM +0200, GOMEZ Henri wrote:
> +1

Thanks!
So what's the procedure for adding it to CVS? Is there a contact person 
responsible for adding patches or if not then how does it work?
Sorry to be asking but I didn't see any info about it on jakarta web site and
I'm new to this list as well:)


-- 
oo Andrey
oo
oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
"All mail clients suck. This one just sucks less."
           -- http://www.mutt.org/  Jeremy Blosser
oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo