tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tal Dayan" <...@zapta.com>
Subject RE: Port=0, binding in Random...
Date Wed, 24 Oct 2001 00:18:36 GMT
I proposed not to consider port 0 as a fatal error that will abort Tomcat
but simply to ignore
it and not to bind to any shutdown port at all.

In our deployment we are not using the shutdown port, so having to have an
unused 'shutdown' port open is just an invitation for problems (security
wise).

Thanks,

Tal

> -----Original Message-----
> From: Pier Fumagalli [mailto:pier@betaversion.org]
> Sent: Tuesday, October 23, 2001 4:56 PM
> To: Tal Dayan; tomcat dev jakarta.apache.org
> Subject: Port=0, binding in Random...
>
>
> Anytime we construct a ServerSocket in Tomcat, we shouldn't allow
> the value
> "0" to be passed to the ServerSocket constructor, as that will
> bind down to
> a random port number... (and we don't want to open random ports on the
> server, don't we?)
>
> For TC40, I believe the fix is pretty easy, in ServerSocketFactory... I
> don't know if TC3x is affected...
>
> Thanks to Tal for noticing...
>
>     Pier
>


Mime
View raw message