tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Percy <>
Subject RE: Tomcat Security Vulnerability
Date Fri, 06 Oct 2000 23:11:53 GMT
> 3. In 3.3 - I'll just remove the exit and all "control" messages, and
> leave the communication mechanism only for proxy-ing 
> requests. The admin
> interface will be used to stop tomcat and do any administrative tasks.
> It's possible to automate this using HTTP requests with a 
> password header.

Will this eliminate the possibility of ever letting Apache start and stop
Tomcat of its own accord? I remember this feature has been talked about for
a long time and AFAIK has not been implemented. Or is it not really


View raw message