tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrey Kartashov <andrey.kartas...@sonatainc.com>
Subject [PATCH] Secure defaults in server.xml + support for "multihomed" machines
Date Sat, 12 May 2001 22:11:57 GMT

This patch is a result of our previous discussion with Henry about making
more secure default bindings in "server.xml".

Summary of changes:
src/etc/server.xml:
	Added address="127.0.0.1" parameter to Ajp interceptors that should make
	them bind to "localhost" by default (At the very least someone won't be
	able to shutdown a server remotly now)

src/share/org/apache/tomcat/modules/server/Ajp12Interceptor.java:
	Fixed to make it print IP into conf/ajp12.id in all the cases
	( address.toString() does not always work the way we need here)

src/share/org/apache/tomcat/util/IntrospectionUtils.java:
	Added support for method setXXX( InetAddress ) which is needed to do
	all the stuff described above.

src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java:
	Fixed to make work properly when bound to interface other than "localhost"


Attached please find diff.txt with all this changes.
Diff is made using "cvs diff" against current state of jakarta-tomcat CVS
repository.

Please let me know what you think:)

-- 
oo Andrey
oo
oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
"All mail clients suck. This one just sucks less."
           -- http://www.mutt.org/  Jeremy Blosser
oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo

Mime
View raw message