tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pier P. Fumagalli" <>
Subject Re: Tomcat Security Vulnerability
Date Sat, 07 Oct 2000 00:58:37 GMT
Michael Percy wrote:
> > 3. In 3.3 - I'll just remove the exit and all "control" messages, and
> > leave the communication mechanism only for proxy-ing
> > requests. The admin
> > interface will be used to stop tomcat and do any administrative tasks.
> > It's possible to automate this using HTTP requests with a
> > password header.
> Will this eliminate the possibility of ever letting Apache start and stop
> Tomcat of its own accord? I remember this feature has been talked about for
> a long time and AFAIK has not been implemented. Or is it not really
> important?

It's easy to spawn of a daemon and control it w/ UNIX signals w/o
relying on any kind of network hack... It's just a matter on dealing w/
JNI invocation, but not hard at all, and, at least for Tomcat 4.0,
that's exactly what I'm working on right now...


View raw message