tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GOMEZ Henri <hgo...@slib.fr>
Subject RE: [PATCH] Secure defaults in server.xml + support for "multihom ed" machines
Date Tue, 15 May 2001 07:46:18 GMT
+1


>-----Original Message-----
>From: Andrey Kartashov [mailto:andrey.kartashov@sonatainc.com]
>Sent: Sunday, May 13, 2001 12:12 AM
>To: tomcat-dev@jakarta.apache.org
>Subject: [PATCH] Secure defaults in server.xml + support for
>"multihomed" machines
>
>
>
>This patch is a result of our previous discussion with Henry 
>about making
>more secure default bindings in "server.xml".
>
>Summary of changes:
>src/etc/server.xml:
>	Added address="127.0.0.1" parameter to Ajp interceptors 
>that should make
>	them bind to "localhost" by default (At the very least 
>someone won't be
>	able to shutdown a server remotly now)
>
>src/share/org/apache/tomcat/modules/server/Ajp12Interceptor.java:
>	Fixed to make it print IP into conf/ajp12.id in all the cases
>	( address.toString() does not always work the way we need here)
>
>src/share/org/apache/tomcat/util/IntrospectionUtils.java:
>	Added support for method setXXX( InetAddress ) which is 
>needed to do
>	all the stuff described above.
>
>src/share/org/apache/tomcat/util/net/PoolTcpEndpoint.java:
>	Fixed to make work properly when bound to interface 
>other than "localhost"
>
>
>Attached please find diff.txt with all this changes.
>Diff is made using "cvs diff" against current state of 
>jakarta-tomcat CVS
>repository.
>
>Please let me know what you think:)
>
>-- 
>oo Andrey
>oo
>oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
>"All mail clients suck. This one just sucks less."
>           -- http://www.mutt.org/  Jeremy Blosser
>oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
>

Mime
View raw message