tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject RE: Tomcat Security Vulnerability
Date Fri, 06 Oct 2000 20:46:49 GMT
> Just a general note. Using a firewall to protect a port or using IP
> filtering or changing the port number are not fixes to the security
> problem. They are workarounds. Being able to shut down the server
> remotely is a serious security hole and needs to be treated as such.

Being able to shut down the server remotely is indeed a serious security

But IMHO the real solution is to do use a firewall - and I strongly
disagree it is a workaround. Heck - X11 does have 3-4 password-checking 
mechanisms, but I don't think any decent network rely on this and let 6000
open. Same for NFS or SMB - again, both have built-in security ( more or
less ). 

If anyone contribute code to do extra checks I think we would be happy to
include it.

I think it's a big mistake to assume anything is secure - including a
firewall or multiple firewalls, but it's important to at least minimize
the risks - and so far the best way is to use IP-level mechanisms wherever
is possible. It's a well tested mechanism ( as oposed to any home-grown 
security mechanism ).

The problem may be that we provide too many options for communication and
configuration - heck, I think mod_jk + JNI or ajp13 is the best long term
solution. Do you want a secure server - just disable AJP12 and mod_jserv.
We tried to provide some compatibility with JServ - probably a wrong 
decision. I would not spend too much time adding passwords ( that can be
sniffed easily ) to ajp12. 

I'm all +1 for removing the shutdown option form mod_jserv or to remove
mod_jserv completely. 

We have the start of an admin interface, it's easy to just use it to stop


> "Use a firewall" is only a reasonable solution for the problems you
> don't know about. If its a problem you know about, you need to fix the
> problem.
> --Tim
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message