tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40947] - Stopping the server should not rely on passing a string to a port on localhost.
Date Thu, 14 Dec 2006 18:39:16 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40947>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40947





------- Additional Comments From shankarunni@netscape.net  2006-12-14 10:39 -------
The subject was that you felt that using a port and reading a string to shutdown
tomcat was insecure.

My point was that you don't have to rely on that mechanism - there are other
mechanisms already available to you. If you are uncomfortable with the shutdown
port, you can disable it in your installation and use a method you think is more
secure.

In either case, if you want to disable the shutdown port, *and* have Tomcat work
as a "system service" either on Linux/Unix or Windows, some custom work will be
required on your part.

For Linux, you'll have to adjust the startup script to kill tomcat instead of
invoking its "stop" command.

On Windows, there may be an issue because the default service stop/start
defaults to using PROCRUN to invoke the Catalina stop() entry point which simply
sends a string to the shutdown port. Perhaps a custom shutdown script can be
whipped up to send a CTRL-BREAK to the process instead, and have the service
invoke that for stopping the process (this may require some development work).

On second thought, I think this may be a valid enhancement request for the
future - a more reliable semi-secure mechanism so that only the process owner or
the administrator can shut the process down. 

Martin: perhaps you can create a separate enhancement request for this?  But
it's definitely not a very high priority - for most environments, this isn't an
issue, and for the few where it is (shared Linux environments in schools, etc.),
it's possible to hand-tweak the init scripts and server.xml to not use the
shutdown port at all.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message